Incident Response Storytime — Gootkit 2020
Common Information
Type Value
UUID 970f7615-94e0-444f-ab56-28e160d2b8e5
Fingerprint 2dd4bb92a132050b
Analysis status DONE
Considered CTI value 0
Text language
Published July 10, 2023, 12:51 p.m.
Added to db July 10, 2023, 3:01 p.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Incident Response Storytime — Gootkit 2020
Title Incident Response Storytime — Gootkit 2020
Detected Hints/Tags/Attributes 44/2/9
RSS Feed
Id Enabled Feed title Url Added to db
171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 1373
  twitter.com
Domain 1
  bankappsecurised.com
File 61
  search.php
Url 1
  https://twitter.com/ffforward/status/1326144202997166084
Url 1
  https://www.malwarebytes.com/blog/news/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware
Windows Registry Key 15
  HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
Windows Registry Key 15
  HKEY_CURRENT_USER\SOFTWARE
Windows Registry Key 14
  HKEY_CURRENT_USER\Environment
Windows Registry Key 582
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run