Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike
Common Information
Type Value
UUID a1432e5f-baa2-4143-ae1d-ed2fb0377968
Fingerprint b62793b221335d4e
Analysis status DONE
Considered CTI value 2
Text language
Published July 27, 2022, midnight
Added to db Sept. 11, 2022, 12:46 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Detected Hints/Tags/Attributes 74/1/16
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html?&web_view=true
Details Source https://www.trendmicro.com/en_hk/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_ca/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_fi/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_se/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_ph/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_id/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_no/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_nl/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_be/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
Details Source https://www.trendmicro.com/en_gb/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2
learn.openschool.ua
Details Domain 4
lakeside-fishandchips.com
Details Domain 4
kristinee.com
Details File 376
wscript.exe
Details File 30
c:\windows\system32\wscript.exe
Details File 2
3994.js
Details File 55
test.php
Details File 48
trojan.bat
Details File 38
trojan.ps1
Details sha256 2
cbc8733b9079a2efc3ca1813e302b1999e2050951e53f22bc2142a330188f6d4
Details sha256 2
f1ece614473c7ccb663fc7133654e8b41751d4209df1a22a94f4640caff2406d
Details sha256 1
8536bb3cc96e1188385a0e230cb43d7bdc4f7fe76f87536eda6f58f4c99fe96b
Details IPv4 2
89.238.185.13
Details Url 2
https://learn.openschool.ua/test.php?mthqpllauigylit=738078785565141
Details Windows Registry Key 2
HKCU\PJZTLE
Details Windows Registry Key 3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Phone