2019-08-26 - DATA DUMP: SOCGHOLISH CAMPAIGN PUSHES NETSUPPORT RAT
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2019-08-26-SocGholish-campaign-fake-Chrome-update-pushes-NetSupport-RAT.pcap.zip 20.6 MB (20,597,795 bytes)
- 2019-08-26-NetSupport-RAT-malware-and-artifacts-from-SocGholish-campaign.zip 5.2 MB (5,205,184 bytes)
NOTES:
- SocGholish is a term used in the EmergingThreats rules that alert on network traffic for this activity.
- The "Soc" in SocGholish is a contraction for "Social Engineering" because this campaign uses fake update-themed web pages to trick potential victims.
- I'd previously called this the "Fake Updates" campaign, but I'm now calling it by the EmergingThreats rule.
- My previous documentation for this campaign was on 2019-06-28.