The Gootkit Trojan is JavaScript-based malware that performs various malicious activities, including remote access for threat actors, keystroke capturing, video recording, email theft, password theft, and injection of malicious scripts to steal online banking credentials. Malwarebytes’ researchers explain that the malicious JavaScript payloads carry out fileless attacks that deliver either Gootkit or the REvil ransomware. The same distribution method was previously used by REvil in September 2019, around the same time that the threat actors had disappeared.
Source: https://www.bleepingcomputer.com/news/security/gootkit-malware-returns-to-life-alongside-revil-ransomware/

