Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gootloader malware command and control servers #56

Closed
realugbun opened this issue Mar 18, 2023 · 6 comments
Closed

Gootloader malware command and control servers #56

realugbun opened this issue Mar 18, 2023 · 6 comments
Labels
accepted enhancement question

Comments

@realugbun
Copy link

realugbun commented Mar 18, 2023
edited
Loading

Goot loader infects machines and is the first step in a ransomware attack.

A full writeup on goot loader listing the servers can be found here.

https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations

## Goot loader command and control
0.0.0.0 jonathanbartz.com
0.0.0.0 jp.imonitorsoft.com
0.0.0.0 junk-bros.com
0.0.0.0 kakiosk.adsparkdev.com
0.0.0.0 kepw.org
0.0.0.0 kristinee.com
0.0.0.0 lakeside-fishandchips.com
@krystian3w
Copy link
Contributor

IP can not by used in HOSTS or domains list: StevenBlack/hosts#1006 StevenBlack/hosts#1004

This was referenced Mar 18, 2023
Closed
Closed
@realugbun
Copy link
Author

I have updated the request to remove pure ip addresses.

krystian3w added a commit that referenced this issue Mar 18, 2023
@krystian3w
Update hostsplus.txt
c4540fd 
#56 [ci skip]
@krystian3w krystian3w pinned this issue Mar 18, 2023
@krystian3w krystian3w changed the title Add Gootloader malware command and control servers. Gootloader malware command and control servers Mar 18, 2023
@realugbun
Copy link
Author

Thank you for adding these and thank you for maintaining the list!

@realugbun

This comment was marked as resolved.

Sign in to view
krystian3w added a commit that referenced this issue Mar 18, 2023
@krystian3w
Update hostsplus.txt
1a25190 
#56
@krystian3w
Copy link
Contributor

Addressed in 59067d3 + d09acf0.

@github-actions
Copy link

This thread was automatically locked as/because there was no activity after it was closed. Please open a new ticket for related issues.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
accepted enhancement question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@krystian3w @realugbun