From 534dacb7fb0a20835c12cc3bdf756d3deea25bee Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 26 Aug 2022 10:12:36 +0200
Subject: [PATCH] add GootLoader
---
 clusters/tool.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/tool.json b/clusters/tool.json
index cd43121..64d3048 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8559,6 +8559,17 @@
 },
 "uuid": "2bea2cc9-c1cc-453d-a483-541b895867d1",
 "value": "MOUSEISLAND"
+ },
+ {
+ "description": "GootLoader is a malware loader historically associated with the GootKit malware. As its developers updated its capabilities, GootLoader has evolved from a loader downloading a malicious payload into a multi-payload malware platform. As a loader malware, GootLoader is usually the first-stage of a system compromise. By leveraging search engine poisoning, GootLoader’s developers may compromise or create websites that rank highly in search engine results, such as Google search results. How is it delivered? Via Malicious files available for download on compromised websites that rank high as search engine results",
+ "meta": {
+ "refs": [
+ "https://www.cyber.nj.gov/alerts-advisories/gootloader-malware-platform-uses-sophisticated-techniques-to-deliver-malware",
+ "https://blogs.blackberry.com/en/2022/07/gootloader-from-seo-poisoning-to-multi-stage-downloader"
+ ]
+ },
+ "uuid": "0bdb6f1c-1229-4556-a535-7444ddfbd7a9",
+ "value": "GootLoader"
 }
 ],
 "version": 153
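Review bot: The `"version": 153` line at the end of the hunk is unchanged context, so the new GootLoader entry ships under the same cluster version as before. If consumers of this file decide whether to re-import it by comparing that number (which looks like its purpose, but is not shown here), the entry may not reach them until a later bump; I would change the line to `"version": 154` in this commit. The description also ends with a pasted question-and-answer fragment, `How is it delivered? Via Malicious files available for download on compromised websites that rank high as search engine results`, which restates the search-engine-poisoning sentence before it and could be merged into that sentence or dropped. The array this entry is appended to starts outside the hunk.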