PULSE NAME
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
WHITE CyberHunter_NL 2025-03-18 Modified: 2025-04-17
49 IOCs
MEDIUM VOLUME
Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RansomHub
Indicators of Compromise (49)