Gootkit2

Gootkit2 (GootLoader) banking trojan+loader. Academic site dead drop. RIBA/UK lure. SEO poisoning.

Threat Profile
Type: Loader
Programming Language: JavaScript/Node.js
C2 Protocol: HTTP
First Seen: 2014
Targets: Finance/UK/Germany
Purpose / Capabilities
  • Credential Stealer+Loader

C2 Servers (1)

Address Port Protocol Status
hex.su 443 HTTPS INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

Critical

Gootkit 2 -- RIBA Construction Contract UK Lure, Stanford + Astron Dead Drop, hex.su C2 | Critical

Gootkit2 RIBA UK building contract lure. Stanford + astron-soc.in dead drop. hex.su C2. Rotspider APT.
