Gootkit2
Gootkit2 (GootLoader) banking trojan+loader. Academic site dead drop. RIBA/UK lure. SEO poisoning.
Threat Profile
Type
Loader
Programming Language
JavaScript/Node.js
C2 Protocol
HTTP
First Seen
2014
Targets
Finance/UK/Germany
Purpose / Capabilities
- Credential Stealer+Loader
C2 Servers 1
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
| hex.su | 443 | HTTPS | INACTIVE | |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
Gootkit 2 -- RIBA Construction Contract UK Lure, Stanford + Astron Dead Drop, hex.su C2 | Critical
Gootkit2 RIBA UK building contract lure. Stanford + astron-soc.in dead drop. hex.su C2. Rotspider APT.