GootBot, a new variant of the GootLoader malware, has been detected to enable lateral movement on compromised systems and avoid detection.
Golo Mühr and Ole Villadsen of IBM X-Force said that the GootLoader group introduced their own custom bot into the final stages of their attack chain in an effort to evade detection while employing commercial C2 tools like CobaltStrike or RDP.
“This new variant is a lightweight but effective malware allowing attackers to rapidly spread throughout the network and deploy further payloads,” the researchers explained.
As its name suggests, GootLoader is a malware that can lure in potential victims by employing search engine optimisation (SEO) poisoning techniques, and once inside, it can download more sophisticated malware. It is linked to a threat actor known as UNC2565, also tracked as Hive0127.
The use of GootBot suggests a change in strategy from post-exploitation frameworks like Co
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: