November 17, 2022
Severity
High
Analysis Summary
GootLoader is a multi-staged JavaScript malware package that has been seen in the wild since late 2020. It first gained attention as a sophisticated multi-staged downloader for the GootKit malware. Its payload delivery has evolved over time, and its capabilities have expanded well beyond distributing its namesake payload.
GootLoader leverages SEO poisoning to push links to its malware high in search engine results, drawing in as many unsuspecting victims as possible. The operators have also been seen using overlays that display a fake forum page on top of compromised blog articles, with highly targeted lures related to government, finance, legal, healthcare, and education topics.
Impact
- Information Theft
- Unauthorized Access
- SEO Poisoning
Indicators of Compromise
MD5
- b4787132e72dfe263147fa28356d6821
- e73222c21021c6e1c0bf6e1cef3d0f57
- 4e0c11836497f607f024f61213acb8b5
- 091c31bea1c79b6b8fdbbbb4eabce5d0
- 574edab13b0873c16b8f500ac922a39d
- 15c75fee4711435bc6ab74a83de18f27
SHA-256
- 14b0c3d3da7d6fbc9403e90a300f7ffaf737d1526cfa462180bb86d5130d2c19
- b91e8d68481d4c5ce3ce32588278650d71ee84d7bfdd06f42393350356bfbd0d
- d3ac70c5df732ce13b7350851473561e765de27964c1da2eae7a7d82ea0abf03
- 44dbcd69092e1c7b4191b56477ff9d03e5239f0d1b232dfdb2f076aa90b82fd6
- c1baa77c6415b6b2a99222c7741deda700908ee362a46f7a7c15ec69efbdc3e6
- 20f6f70a7c75b9568a33583bfc7c907bdfb6fec2b2bc60ffb3247f665d6ee0e4
SHA-1
- b3ea089596e428872b7e8bfd832d5bf505d88fa9
- 1e512cd5413d42a1e3dd100c1b70dbd1f14ea7c0
- 4f15815467b6e202db1870004d1fe7db2e2370cc
- c1841aa22e91a23e3de1495a5e5ccf5adcff53c5
- 0c5e405f8d6b94e23f96df57b53f7da9d29b097a
- 044697f1c5bcef182e61ca904c07704f7faf834b
Remediation
- Block all threat indicators at your respective controls.
- Search for the Indicators of Compromise (IOCs) listed above in your environment using your respective security controls.
- Never trust or open links and attachments received from unknown sources or senders.
- Do not download document files attached to emails from unknown sources, and strictly refrain from enabling macros when the source isn't reliable.
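To support the IOC search recommended above, the following Python script is an added example (not Rewterz tooling) that takes the hash lists from this advisory, classifies each hash by its hex length rather than trusting the section heading, and sweeps a directory tree computing MD5, SHA-1 and SHA-256 in a single pass. The file names and contents created in demo() are constructed for illustration; only the hashes embedded in ADVISORY_IOC_TEXT come from the advisory.

```python
"""Hunt for the GootLoader file hashes listed in this advisory on a local filesystem.

Added example, not Rewterz tooling. The hashes in ADVISORY_IOC_TEXT are copied from
the advisory's Indicators of Compromise section; the sample files in demo() are constructed.
"""
import hashlib
import os
import re
import tempfile

# IOC block copied from the advisory (MD5, SHA-256 and SHA-1 sections).
ADVISORY_IOC_TEXT = """
MD5
- b4787132e72dfe263147fa28356d6821
- e73222c21021c6e1c0bf6e1cef3d0f57
- 4e0c11836497f607f024f61213acb8b5
- 091c31bea1c79b6b8fdbbbb4eabce5d0
- 574edab13b0873c16b8f500ac922a39d
- 15c75fee4711435bc6ab74a83de18f27
SHA-256
- 14b0c3d3da7d6fbc9403e90a300f7ffaf737d1526cfa462180bb86d5130d2c19
- b91e8d68481d4c5ce3ce32588278650d71ee84d7bfdd06f42393350356bfbd0d
- d3ac70c5df732ce13b7350851473561e765de27964c1da2eae7a7d82ea0abf03
- 44dbcd69092e1c7b4191b56477ff9d03e5239f0d1b232dfdb2f076aa90b82fd6
- c1baa77c6415b6b2a99222c7741deda700908ee362a46f7a7c15ec69efbdc3e6
- 20f6f70a7c75b9568a33583bfc7c907bdfb6fec2b2bc60ffb3247f665d6ee0e4
SHA-1
- b3ea089596e428872b7e8bfd832d5bf505d88fa9
- 1e512cd5413d42a1e3dd100c1b70dbd1f14ea7c0
- 4f15815467b6e202db1870004d1fe7db2e2370cc
- c1841aa22e91a23e3de1495a5e5ccf5adcff53c5
- 0c5e405f8d6b94e23f96df57b53f7da9d29b097a
- 044697f1c5bcef182e61ca904c07704f7faf834b
"""

HEX_RE = re.compile(r"^[0-9a-f]+$")
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_iocs(text):
    """Return {"md5": set, "sha1": set, "sha256": set}; each hash is lower-cased and
    classified by its hex length, so a mislabelled section cannot misfile it."""
    iocs = {"md5": set(), "sha1": set(), "sha256": set()}
    for line in text.splitlines():
        token = line.strip().lstrip("-").strip().lower()
        algo = ALGO_BY_LEN.get(len(token))
        if algo and HEX_RE.match(token):
            iocs[algo].add(token)
    return iocs


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single streaming pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def scan_tree(root, iocs):
    """Walk root and return [(path, [matched algorithms], digests)] for every file
    whose hash appears in iocs. Unreadable files are skipped rather than aborting."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matched = [algo for algo, h in digests.items() if h in iocs[algo]]
            if matched:
                hits.append((path, matched, digests))
    return hits


def demo():
    """Constructed scenario: two temp files, one of whose SHA-256 is appended to the
    advisory IOC set so the sweep produces a hit. Returns [(file name, matched algos)]."""
    iocs = parse_iocs(ADVISORY_IOC_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        suspect = os.path.join(tmp, "Agreement_template.js")  # constructed name
        benign = os.path.join(tmp, "notes.txt")               # constructed name
        with open(suspect, "wb") as fh:
            fh.write(b"constructed stand-in for a GootLoader .js stage\n")
        with open(benign, "wb") as fh:
            fh.write(b"benign constructed file\n")
        iocs["sha256"].add(hash_file(suspect)["sha256"])  # simulate an advisory match
        return [(os.path.basename(p), algos) for p, algos, _ in scan_tree(tmp, iocs)]


if __name__ == "__main__":
    for name, algos in demo():
        print(f"IOC match: {name} via {', '.join(algos)}")
```

In a real hunt, point scan_tree at user-writable locations where GootLoader's JavaScript stages typically land (Downloads and temp directories), and treat any hit as a trigger for the incident response process rather than just deleting the file.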