Are GootLoader malware procedures mitigated on this host?

CISA released an advisory in August 2022 on GootLoader, a malware loader. This TTP reproduces GootLoader's methods: downloading a JScript file inside a ZIP archive, executing the JS file with WScript to add specific registry keys, reflectively loading a non-existent DLL, and creating a scheduled task for persistence. GootLoader may deploy Cobalt Strike Beacons, banking Trojans, and even ransomware.
2022-08-30

Emulates tactics found in GootLoader malware.