Pulse name: Phishing Lures Used To Drop Malware
Author: WHITE BITSecurity
Created: 2023-03-24, Modified: 2023-04-23
281 IOCs (high volume)
An attack campaign used various injections and traffic distribution systems (TDS) to drop commodity malware including RedLine Stealer, SocGholish, NetSupport, and SolarMarker. Compromised websites and phishing emails with malicious links were used as the initial infection vectors. Various themes were used to lure users to the sites, including fake browser, security-software, and DDoS-protection updates, and unsolvable CAPTCHA puzzles. The Trellix Threat Intelligence Group (TIG) gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Redline, JavaScript, BEC, SocGholish, NetSupport
Indicators of Compromise (30 / 281 total)