Gootkit Italian Campaign Overview
- by nlqip
(We wanted to give an assessment of the JS redirection content, but it was not reachable at the time of writing; we can assume from the script name that it returned a blank page or performed some other misleading action.)
Conclusion
Gootkit remains active by maintaining this campaign of redirection. We have noticed multiple configurations targeting the same region for the past year. Gootkit also tries to protect itself after infecting a system by blocking access to legitimate AV product sites and even to additional known download mirrors. This attention to detail shows that the malware means business and is ready to disrupt the inner workings of bank sites and other defensive tools. Since Italy is clearly part of this malware's attack agenda, we recommend that Italian users exercise caution when opening email links, as this is a primary infection vector. Since Gootkit blocks access to AV tools, we also recommend that organizations keep local copies of malware scanning and clean-up tools so they can respond quickly in an emergency.
MD5:
6523766972839c645e20c24da11513db
f7d41fc527ffc5b5d5f70d3e42c9f7ff
7dfd903cb33663cf9024866d998a5470
C2:
37[.]10[.]71[.]157
176[.]10[.]118[.]118
194[.]76[.]225[.]28
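The indicators above are published defanged (`[.]` in place of `.`), which is the right way to share them but means they cannot be pasted straight into a detection. The following is an added example, not code from the report or from nlqip: it refangs the three C2 addresses, matches them against proxy log lines with boundaries so that a longer address containing the same digits is not a false hit, and checks file contents against the MD5 list. The log lines are constructed for the example and are not from the campaign.

```python
import hashlib
import re

# IoCs exactly as published in the report, defanged with "[.]"
GOOTKIT_MD5 = {
    "6523766972839c645e20c24da11513db",
    "f7d41fc527ffc5b5d5f70d3e42c9f7ff",
    "7dfd903cb33663cf9024866d998a5470",
}
GOOTKIT_C2_DEFANGED = [
    "37[.]10[.]71[.]157",
    "176[.]10[.]118[.]118",
    "194[.]76[.]225[.]28",
]


def refang(indicator: str) -> str:
    """Undo the usual defanging conventions so the indicator can be matched."""
    return indicator.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


GOOTKIT_C2 = {refang(ip) for ip in GOOTKIT_C2_DEFANGED}

# One alternation of escaped addresses, anchored so that 37.10.71.157 is not
# reported inside 137.10.71.157 or 37.10.71.1570 (a classic substring false positive).
_C2_PATTERN = re.compile(
    r"(?<![\d.])(" + "|".join(re.escape(ip) for ip in sorted(GOOTKIT_C2)) + r")(?![\d.])"
)


def md5_hex(data: bytes) -> str:
    """MD5 of a file's bytes, as a lowercase hex string (the report lists MD5 only)."""
    return hashlib.md5(data).hexdigest()


def file_matches_ioc(data: bytes) -> bool:
    """True if the file content hashes to one of the published sample hashes."""
    return md5_hex(data) in GOOTKIT_MD5


def scan_log_lines(lines):
    """Return (line_number, c2_ip, line) for every log line that references a known C2."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = _C2_PATTERN.search(line)
        if m:
            hits.append((n, m.group(1), line))
    return hits


# Constructed sample proxy log lines (not from the report); hostnames are placeholders.
SAMPLE_LOG = [
    '2024-11-05T10:01:02Z ws-042 CONNECT 37.10.71.157:443 UA="Mozilla/5.0"',
    "2024-11-05T10:01:05Z ws-017 GET http://example.test/index.html 200",
    "2024-11-05T10:02:11Z ws-042 CONNECT 137.10.71.157:443",  # different host, must not match
    "2024-11-05T10:03:40Z ws-009 GET http://194.76.225.28/gate.php 404",
]

if __name__ == "__main__":
    for n, ip, line in scan_log_lines(SAMPLE_LOG):
        print(f"line {n}: C2 {ip} -> {line}")
    print("benign sample matches IoC:", file_matches_ioc(b"not gootkit"))
```

Feed `scan_log_lines` the lines of a real proxy or firewall export and `file_matches_ioc` the bytes of quarantined files; a hit on either is grounds to pull the host for the clean-up the conclusion recommends. Keep the hash list as MD5 only because that is what the report provides; do not substitute other hashes for these samples without a source.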