Fake update puts visitors at risk
July 24, 2024, 8:17 a.m.
Description
This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguised as fake browser updates. It analyzes the recent tactics, techniques, and procedures employed by threat groups like Evil Corp in compromising WordPress websites, fingerprinting user profiles, and directing victims to malicious domains hosting the fake updates. The report also explores potential payloads delivered through SocGholish, such as Cobalt Strike, Zloader, information stealers, remote access trojans, and ransomware.
Date
Published: July 24, 2024, 8:09 a.m.
Created: July 24, 2024, 8:09 a.m.
Modified: July 24, 2024, 8:17 a.m.
Indicators
Attack Patterns
Egregor - S0554
Ryuk - S0446
BadSpace
Lumma Stealer
Zloader
NetSupport RAT
SocGholish
Redline Stealer
Cobalt Strike - S0154
Evil Corp
T1482
T1189
T1016
T1518
T1105
T1027
T1584
T1059