SocGholish - это структура атаки, которую злоумышленники используют, по крайней мере, с 2020 года. Термин Soc относится к использованию социальной инженерии для внедрения вредоносного ПО в системы.
Indicators of Compromise
URLs
- https://rxt.score.symposiumhaiti.com/gotoCheckout
- https://scripts.asi.services/cX458IXVf9TcXk/nhNa+y0nWDAAY7JxpQFgRZT9/nUk=
- https://scripts.asi.services/updateassets/css.css
- https://scripts.asi.services/updateassets/favicon/chrome.png
- https://scripts.asi.services/updateassets/img/chrome.jpg
- https://scripts.asi.services/updateassets/logo/chrome.png
- https://scripts.asi.services/Zdbrq/j4qGrfOOkzuaaPyBR2REliJzO2kdIIuYAeEPXMQ629sElH8dH2ueZNoh0q
- https://www.goodcoresoft.com/services/product-development/
- https://www.goodcoresoft.com/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js?ver=5.5.13
- https://www.goodcoresoft.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
- https://www.goodcoresoft.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
- https://www.goodcoresoft.com/wp-includes/js/wp-embed.min.js?ver=5.8.6
Emails
- steve.sydenham@goodcoresoftware.com
MD5
- 23faf39efb9f1fea208d1d9a76b90403
- fa21c319af21ce7d105668923ab2a724