Gootloader (b18a505f-16ca-5b51-9bed-ae05b47c7706)
Gootloader is a JavaScript-based infection framework that has been used since at least 2020 as a delivery method for the Gootkit banking trojan, Cobalt Strike, REvil, and others. Gootloader operates on an "Initial Access as a Service" model and has leveraged SEO poisoning to provide access to entities in multiple sectors worldwide, including financial, military, automotive, pharmaceutical, and energy. [Sophos Gootloader][SentinelOne Gootloader June 2021]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Gootloader (b18a505f-16ca-5b51-9bed-ae05b47c7706) | Tidal Software | BlackSuit Ransomware Actors (1d751794-ce94-4936-bf45-4ab86d0e3b6e) | Tidal Groups | 1 |