← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
TA569: SocGholish and Beyond
WHITE AlienVault 2023-02-27 Modified: 2023-03-29
217
IOCs
HIGH VOLUME
TA569 is a prolific threat actor primarily known for its deployment of website injections leading to a JavaScript payload known as SocGholish. In the past few months researchers have observed changes in the tactics, techniques, and procedures (TTPs) employed by TA569. Changes include an increase in the quantity of injection varieties, as well as payloads deviating from the standard SocGholish “Fake Update” JavaScript packages.
SocGholishta569sczriptzzbnInitial Access Brokers
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Redline SocGholish NetSupport RAT solarmarker IcedID
Indicators of Compromise (7 / 217 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 edde1633579f5e1f0543140cfbfa50fb MD5 of 23b14288d49610a8eef61977b7fc49a963f1261fe29b1668b4443a04eaf493cb 2023-02-27
FileHash-MD5 098307aff90f076625a1616bd87d906d MD5 of 202853bdbebfce4d5c86493abd168d25f5557be039af8fce58eeda47250083ce 2023-02-27
FileHash-MD5 35c34967d389c069ea5a70aaa4dad290 MD5 of 31d7d798d1cde0d978be8aece150160aa2e4da4ce9e5e85972dc2e15e8c8d03b 2023-02-27
FileHash-MD5 574329a75d815cbd5a7331a02399dc9e MD5 of 681ac78369f4d3688f67c3a363337e3eb855db248e92cff8a35e8abe6028ade5 2023-02-27
FileHash-MD5 801c13ee34009aa00a195fe75a577b85 MD5 of bb71d77ff7c7be3dc6957b08e57323092a43735df818b3150c41b8230c4d9be1 2023-02-27
FileHash-MD5 93a4fdd473320d37ae59ed875632e4ef MD5 of 3dd172bf8a7e2985f8387ffc4b6f2fc3ee05435b69a43d714d3137d9a5147127 2023-02-27
FileHash-MD5 c531d61231e1bbded5a5f773973ab05a MD5 of 18aeff0a97dfd33b6f0664f43ecafd18511af559002072f680a4e5929a9c7e4f 2023-02-27
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond