New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now

Goot Camp Gootloader Operation

February 8, 2023

The Goot Camp campaign targeted users looking for business-related documents online to drop variants from the GootLoader malware family. Downloading and opening the malicious ZIP archive launched a series of scripts resulting in the system infected with malicious software including a Cobalt Strike beacon. The operation also used the FONELAUNCH and SNOWCONE loaders to retrieve payloads from remote locations and load malicious code into memory.