Gootloader malware command and control servers

Question

Gootloader malware command and control servers

Closed this issue a year ago · 6 comments

Goot loader infects machines and is the first step in a ransomware attack.

A full writeup on goot loader listing the servers can be found here.

https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations

## Goot loader command and control
0.0.0.0 jonathanbartz.com
0.0.0.0 jp.imonitorsoft.com
0.0.0.0 junk-bros.com
0.0.0.0 kakiosk.adsparkdev.com
0.0.0.0 kepw.org
0.0.0.0 kristinee.com
0.0.0.0 lakeside-fishandchips.com

Answer 1 · 2023-03-18T19:27:08.000Z

IP can not by used in HOSTS or domains list: StevenBlack/hosts#1006 StevenBlack/hosts#1004

Answer 2 · 2023-03-18T19:30:56.000Z

I have updated the request to remove pure ip addresses.

Answer 3 · 2023-03-18T19:40:12.000Z

Thank you for adding these and thank you for maintaining the list!

Answer 4 · 2023-03-18T19:43:27.000Z

Looks like the j in junk-bros.com was missed.
c4540fd

Answer 5 · 2023-03-18T19:48:55.000Z

Addressed in 59067d3 + d09acf0.

Answer 6 · 2023-05-21T00:47:04.000Z

This thread was automatically locked as/because there was no activity after it was closed. Please open a new ticket for related issues.