New GOOTLOADER Variant Evolves Further with New Obfuscation Tricks
09 February 2023
The UNC2565 hacker group appears to have restructured its GOOTLOADER (or Gootkit) malware by adding new components and implementing new obfuscation techniques. Gootkit is used by adversaries to drop additional malicious payloads, such as SunCrypt, REvil (Sodinokibi) ransomware, Kronos trojan, and Cobalt Strike, on compromised systems.