← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Phishing Lures Used To Drop Malware
WHITE BITSecurity 2023-03-24 Modified: 2023-04-23
281
IOCs
HIGH VOLUME
An attack campaign used various injections and traffic distribution systems (TDS) to drop commodity malware including RedLine Stealer, SocGholish, NetSupport, and SolarMarker. Compromised websites and phishing emails with malicious links were used as the initial infection vectors. Various themes were used to convince users to visit the sites including fake browser, security software, and DDoS protection updates and unsolvable captcha puzzles. The Trellix Threat Intelligence Group (TIG) gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports.
httpsnetsupportsocgholishbecjavascriptredlineta569strongproofpointsczriptzzbnnetsupport ratbeyondenglishlearnratslocalsolarmarkeraugustprotectsmalltoolsfebruaryserviceredline stealericedidstealerunknownhadesbacklockbitsanctionswastedlockerdemo
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Redline JavaScript BEC SocGholish NetSupport
Indicators of Compromise (31 / 281 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 edde1633579f5e1f0543140cfbfa50fb MD5 of 23b14288d49610a8eef61977b7fc49a963f1261fe29b1668b4443a04eaf493cb 2023-03-24
FileHash-MD5 098307aff90f076625a1616bd87d906d MD5 of 202853bdbebfce4d5c86493abd168d25f5557be039af8fce58eeda47250083ce 2023-03-24
FileHash-MD5 35c34967d389c069ea5a70aaa4dad290 MD5 of 31d7d798d1cde0d978be8aece150160aa2e4da4ce9e5e85972dc2e15e8c8d03b 2023-03-24
FileHash-MD5 574329a75d815cbd5a7331a02399dc9e MD5 of 681ac78369f4d3688f67c3a363337e3eb855db248e92cff8a35e8abe6028ade5 2023-03-24
FileHash-MD5 801c13ee34009aa00a195fe75a577b85 MD5 of bb71d77ff7c7be3dc6957b08e57323092a43735df818b3150c41b8230c4d9be1 2023-03-24
FileHash-MD5 93a4fdd473320d37ae59ed875632e4ef MD5 of 3dd172bf8a7e2985f8387ffc4b6f2fc3ee05435b69a43d714d3137d9a5147127 2023-03-24
FileHash-MD5 c531d61231e1bbded5a5f773973ab05a MD5 of 18aeff0a97dfd33b6f0664f43ecafd18511af559002072f680a4e5929a9c7e4f 2023-03-24
FileHash-MD5 e3763ad6ab1f66bfd0240db96ccdc0be MD5 of 523be6fdb9b5740146f5d24b17193cf62ff4c35f 2023-03-24
FileHash-MD5 263263e0c4e35af815d2f7054d5e96b4 2023-03-24
FileHash-MD5 3881b6d0bf55e91c2a731c0552a5e607 2023-03-24
FileHash-MD5 3f2ff9eba9f57075741451b869ad0b8b 2023-03-24
FileHash-MD5 417b37b0a324200ea9157f51d7fbd7d6 2023-03-24
FileHash-MD5 4f1b5c3aa34f557c86aaee0412a6b626 2023-03-24
FileHash-MD5 5128c69077384524b4311ba8b8d96ca8 2023-03-24
FileHash-MD5 73b65d1668976db8ada3fd9e0718f0ee 2023-03-24
FileHash-MD5 7a286d02dc8da557b740eaea28235cac 2023-03-24
FileHash-MD5 7b573b1159d7d19f9233f324857fe14e 2023-03-24
FileHash-MD5 7f371b78db7508e13a3a091bd11a5388 2023-03-24
FileHash-MD5 89621a5262ae39cef27fb7f9039ea68e 2023-03-24
FileHash-MD5 93cae1369ca938f2f5aa5b15834c4bd5 2023-03-24
FileHash-MD5 abc3656486661dc88a6c946846524137 2023-03-24
FileHash-MD5 b64e19407e9e6c05bb78ae7a1b99e8bd 2023-03-24
FileHash-MD5 c3f160e999e4a58b4e5a7285420ebe00 2023-03-24
FileHash-MD5 cf71edf49c405ba0e0b24a0573812377 MD5 of 24f608455eacddcb2cc221576f595450ef3ae8e0 2023-03-24
FileHash-MD5 d68002702cbfc49e2c762d1cfcd742d3 2023-03-24
FileHash-MD5 dcdf66ccf8503bef04c0d3f2ba2a8308 2023-03-24
FileHash-MD5 e0c1c0f5c7dba757ef5c54b46ee30b90 MD5 of 8cd530750cb036daf4ebee569e6e44d0d4842b50 2023-03-24
FileHash-MD5 e3477cb6589134060beb84587635ce99 2023-03-24
FileHash-MD5 edf02789603a77a4c7b42dd8091babe0 2023-03-24
FileHash-MD5 fab4f3e9e3c847520539417b52bc9748 2023-03-24
FileHash-MD5 fad952daa1fcae527a979b8366d05cef 2023-03-24
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond