Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Fake update puts visitors at risk

July 24, 2024, 8:17 a.m.

Description

This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguised as fake browser updates. It analyzes the recent tactics, techniques, and procedures employed by threat groups like Evil Corp in compromising WordPress websites, fingerprinting user profiles, and directing victims to malicious domains hosting the fake updates. The report also explores potential payloads delivered through SocGholish, such as Cobalt Strike, Zloader, information stealers, remote access trojans, and ransomware.

Date

Published: July 24, 2024, 8:09 a.m.

Created: July 24, 2024, 8:09 a.m.

Modified: July 24, 2024, 8:17 a.m.

Indicators

f0fbc29c86cd84ac18aeeee38de05c32fee95d6fa49425021ce0e3d3b13d2d05

78ddcf7ce945cfa92e640c53462174b21601506b39dec9731212d7d4ef8aa74d

158.160.11.208

http://africa.thesmalladventureguide.com/7nwh~

sticky.oystergardening.name

tropicalforestproducts.com

supremeceilings.co.za

rastek.id

asyncawaitapi.com

gitbrancher.com

Attack Patterns

Egregor - S0554

Ryuk - S0446

BadSpace

Lumma Stealer

Zloader

NetSupport RAT

SocGholish

Redline Stealer

Cobalt Strike - S0154

Evil Corp

T1482

T1189

T1016

T1518

T1105

T1027

T1584

T1059