Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 17:13:12 UTC

Tool: Gootkit

Names: Gootkit, Gootloader, Xswkit, talalpek, Waldek
Category: Malware
Type: Backdoor, Banking trojan, Credential stealer, Info stealer

Description: (Sentinel Labs) The Gootkit Banking Trojan was discovered back in 2014, and utilizes the Node.JS library to perform a range of malicious tasks, from website injections and password grabbing, all the way up to video recording and remote VNC capabilities. Since its discovery in 2014, the actors behind Gootkit have continued to update the codebase to slow down analysis and thwart automated sandboxes. This post will take a look into the first stage of Gootkit, which contains the unpacking phase and a malicious downloader that sets up the infected system, and its multiple anti-analysis mechanisms.

Information: Malpedia, AlienVault OTX

Last change to this tool card: 26 August 2024

All groups using tool Gootkit

Changed  Name   Country    Observed
Other groups
         TA554  [Unknown]  2017

1 group listed (0 APT, 1 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3211a3c1-ebff-42f3-9139-87e77b266759