Infection and Evolution of the GOOTLOADER Malware


Threat Level
Attack Report

Summary

GOOTLOADER malware infects victims through a malicious archive download, then executes JavaScript and PowerShell to deliver FONELAUNCH and Cobalt Strike BEACON/SNOWCONE. The latest variant writes JavaScript to disk and creates a task.