Phishing Lures Used To Drop Malware
WHITE | BITSecurity | 2023-03-24 | Modified: 2023-04-23
281 IOCs (HIGH VOLUME)
An attack campaign used various injections and traffic distribution systems (TDS) to drop commodity malware including RedLine Stealer, SocGholish, NetSupport, and SolarMarker. Compromised websites and phishing emails with malicious links were used as the initial infection vectors. Various themes were used to convince users to visit the sites, including fake browser, security software, and DDoS protection updates, as well as unsolvable CAPTCHA puzzles. The Trellix Threat Intelligence Group (TIG) gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Redline, JavaScript, BEC, SocGholish, NetSupport
Indicators of Compromise (31 / 281 total)