CISA released an advisory in August 2022 on GootLoader, a malware loader. This TTP uses GootLoader's methods of downloading a JScript file within a Zip file, using Wscript to execute the JS file to add specific registry keys, reflectively loading a non-existent DLL, and creating a scheduled task for persistence. GootLoader may deploy Cobalt Strike Beacons, deploy banking Trojans, and even ransomware.
View Command
To view this TTPs command, you must be logged in with a professional or enterprise license.