Researcher for Gootloader malware
@gootloader.zip
📤 119
đź“Ą 5
đź“ť 637
https://gootloader.wordpress.com/
⚠️ New TTPs detected for
#Gootloader
⚠️ Out are the PDF conversions and back in are legal document lurs. They are still using
#malvertising
, not SEO poisoning.
gootloader.wordpress.com/2025/03/31/g...
loading . . .
🚨Gootloader Returns: Malware Hidden in Google Ads for Legal Documents
The threat actor behind the Gootloader malware has once again changed their tactics, but also reverted to some of their old ways. Just like with the previous infection method, we are seeing Google …
https://gootloader.wordpress.com/2025/03/31/gootloader-returns-malware-hidden-in-google-ads-for-legal-documents/
11 months ago
0
5
5
Created a new
#yara
rule for
#gootloader
, thanks to
@malwrhunterteam.bsky.social
smica83.
github.com/GootloaderSi...
loading . . .
Tools/jQuery-GootloaderJSv2.yar at main · GootloaderSites/Tools
Contribute to GootloaderSites/Tools development by creating an account on GitHub.
https://github.com/GootloaderSites/Tools/blob/main/jQuery-GootloaderJSv2.yar
about 1 year ago
0
4
1
Sorry I haven’t been active over here. Here is my latest blog update regarding Gootloader’s massive change in tactics from SEO poisoning to PDF converters
gootloader.wordpress.com/2024/11/07/g...
loading . . .
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
Three weeks ago, Gootloader samples suddenly dried up. This has happened before, so I switched VPNs and tried new locations—coffee shops, friends’, and family’s Wi-Fi networks—but still couldn’t re…
https://gootloader.wordpress.com/2024/11/07/gootloaders-pivot-from-seo-poisoning-pdf-converters-become-the-new-infection-vector/
about 1 year ago
0
5
1
Current GootLoader site, serving up malicious zip/js is hxxps://www.penhaligonsfriends.org.uk/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.peleg.cn/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.pedrademari.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.papingo.gr/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nwcc-apha.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nomik.at/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nilsfuncke.se/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nightlightproductions.co.uk/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nico-bloxx.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.neretva.se/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nashitalia.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nada-editions.fr/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nada-editions.fr/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.my-cfecgc-aed.fr/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.mobilcare-mintraching.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.minorihoikuen.ed.jp/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.metromediasystem.it/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.messagesmusicaux.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.meinlieblingsglas.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.meibachtech.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.medischdrukwerk.nl/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.media-web24.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.marmolesdelnervion.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.marktastic.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.marekstejskal.cz/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.mammadu.org/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.malfant-masson-genealogie.fr/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.peterfalkewines.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.paterskerk.nl/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.ototo.com.cn/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nilsjapan.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nilsfuncke.se/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.niepokalana.rybnik.pl/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.neretva.se/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nada-editions.fr/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.nachrichtenbringer.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.mytravelstudio.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.musicsharing.or.th/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.miusyk.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.kulturtafel-bonn.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.kroeners-gartenwelt.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.korensic.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.kopingsfk.se/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.koeke-pressen.de/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.kobietybiznesu.eu/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.kiyindo-shiatsu.com/api.php
about 2 years ago
0
0
0
Current GootLoader site, serving up malicious zip/js is hxxps://www.kikkerland.cc/api.php
about 2 years ago
0
0
0
Load more
feeds!
log in
