"Malware loaders in detail: the big three behind 80% of attacks so far this year": The Register
"Three malware loaders, #QBot, #SocGholish and #Raspberry Robin, are responsible for 80% of the attacks on computers and networks observed so far this year."
#qbot #socgholish #raspberry #prattohome #theresister
Completed Part 3 of my personal #SocGholish series.
The article digs into the follow-up payloads delivered once the Update.js is executed on a victim machine.
Interestingly, I saw #NetSupport RAT and an unknown (to me) PowerShell C2 beacon being delivered together.
If anyone can shed more light on what the PowerShell may be, it would be much appreciated!
Big thanks to @rmceoin for help along the way.
https://rerednawyerg.github.io/posts/malwareanalysis/socgholish_part3
#SocGholish leads to #NetSupport RAT downloaded from --> http://wudugf[.]top/f23.svg
Credit to @rmceoin for the help getting the C2 to respond.
C2: *.nodes.gammalambdalambda.org
I've published the second in a series of blog posts on SocGholish related activity. The latest installment focuses on breaking down the fake update payload itself.
https://rerednawyerg.github.io/malware-analysis/socgholish_part2/
#socgholish #malware #intel #fakeupdates
I've been wanting to start a malware analysis/RE blog as I improve my skills. I published my first analysis a few days ago. Started out by analyzing a site with a malicious JavaScript inject leading to a SocGholish payload.
#socgholish #malware #fakeupdates
#cyberattack #supplychain #proofpoint #attack
#socgholish #malware installed via ads... via a supply chain attack via some 250 news sites... wow... that's why I strip ads.
#malware #socgholish #attack #proofpoint #SupplyChain #cyberattack