{"id":156550,"date":"2023-01-29T01:23:03","date_gmt":"2023-01-29T07:23:03","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/01\/gootkit-malware-continues-to-evolve-with-new-components-and-obfuscations"},"modified":"2023-01-29T01:23:03","modified_gmt":"2023-01-29T07:23:03","slug":"gootkit-malware-continues-to-evolve-with-new-components-and-obfuscations","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/01\/gootkit-malware-continues-to-evolve-with-new-components-and-obfuscations","title":{"rendered":"Gootkit Malware Continues to Evolve with New Components and Obfuscations"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/gootkit-malware-continues-to-evolve-with-new-components-and-obfuscations.jpg\"><\/a><\/p>\n<p>The threat actors associated with the Gootkit malware have made \u201cnotable changes\u201d to their toolset, adding new components and obfuscations to their infection chains.<\/p>\n<p>Google-owned Mandiant is <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/tracking-evolution-gootloader-operations\" rel=\"noopener\" target=\"_blank\">monitoring<\/a> the activity cluster under the moniker <strong>UNC2565<\/strong>, noting that the usage of the malware is \u201cexclusive to this group.\u201d<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2021\/03\/gootkit-rat-using-seo-to-distribute.html\" rel=\"noopener\" target=\"_blank\">Gootkit<\/a>, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents like agreements and contracts via a technique called search engine optimization (SEO) poisoning.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat actors associated with the Gootkit malware have made \u201cnotable changes\u201d to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is \u201cexclusive to this group.\u201d Gootkit, also called Gootloader, is spread through compromised [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43,34],"tags":[],"class_list":["post-156550","post","type-post","status-publish","format-standard","hentry","category-business","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/156550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=156550"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/156550\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=156550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=156550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=156550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}