2019-08-26 - DATA DUMP: SOCGHOLISH CAMPAIGN PUSHES NETSUPPORT RAT
ASSOCIATED FILES:
- 2019-08-26-SocGholish-campaign-fake-Chrome-update-pushes-NetSupport-RAT.pcap.zip 20.6 MB (20,597,795 bytes)
- 2019-08-26-NetSupport-RAT-malware-and-artifacts-from-SocGholish-campaign.zip 5.2 MB (5,202,136 bytes)
NOTES:
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
- SocGholish is a term used in the EmergingThreats rules that alert on network traffic for this activity.
- The "Soc" in SocGholish is a contraction of "Social Engineering" because this campaign uses fake update-themed web pages to trick potential victims.
- I'd previously called this the "Fake Updates" campaign, but I'm now calling it by the EmergingThreats rule.
- My previous documentation for this campaign was on 2019-06-28.