Commit
Updated 2024-02-21-IOCs-from-SocGholish-AsyncRAT-infection.txt
brad-duncan authored Feb 21, 2024
1 parent 3eb0c71 commit 367e4b0
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2024-02-21-IOCs-from-SocGholish-AsyncRAT-infection.txt
@@ -1,5 +1,10 @@
2024-02-21 (WEDNESDAY): PARROT TDS --> SOCGHOLISH --> ASYNC RAT

REFERENCES:

- https://www.linkedin.com/posts/unit42_parrottds-socgholish-asyncrat-activity-7166192124441415681-rnLv
- https://twitter.com/Unit42_Intel/status/1760426508558950518

INFECTION CHAIN:

- legitimate but compromised site --> ParrotTDS script --> SocGholish URL -->
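Review bot: The two links under REFERENCES are written as live URLs while every other host in the visible lines is defanged with [.], so a consumer that extracts indicators from this file by matching URLs or hostnames will pick up www.linkedin.com and twitter.com alongside the real indicators. The later section heading marks its benign entries with "(NOT MALICIOUS)"; a similar marker on this heading, for example "REFERENCES (NOT INDICATORS):", would make the distinction explicit for anyone parsing the file.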
@@ -65,4 +70,4 @@ CONNECTIVITY AND LOCATION CHECKS BY ASYNC RAT-INFECTED HOST (NOT MALICIOUS):
- port 80 - ipinfo[.]io - GET /[public IP address of infected host]/city
- port 80 - ipinfo[.]io - GET /[public IP address of infected host]/region
- port 80 - ipinfo[.]io - GET /[public IP address of infected host]/country
- port 80 - www.google[.]com - GET /robots.txt
- port 80 - www.google[.]com - GET /robots.txt
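Review bot: The last line of this hunk, "- port 80 - www.google[.]com - GET /robots.txt", is removed and re-added with the same visible text, so the one deletion counted for this commit looks like a whitespace or end-of-file newline change only. Worth confirming that was intended and that the file now ends with a newline, since the commit title says only that the file was updated and mentions neither this nor the added REFERENCES block.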
