2020-02-04 - PCAP AND MALWARE FOR AN ISC DIARY (SOCGHOLISH)
NOTES:
- The ISC diary is for Wednesday 2020-02-05: Fake browser update pages are "still a thing"
- Zip files are password-protected. If you don't know the password, look at the "about" page of this website.
ASSOCIATED FILES:
- 2020-02-04-socgholish-traffic-traffic-example.saz 1.2 MB (1,227,630 bytes)
- 2020-02-04-socgholish-traffic-example.pcap.zip 1.3 MB (1,270,832 bytes)
  - 2020-02-04-socgholish-traffic-example.pcap (1,499,381 bytes)
- 2020-02-04-SocGholish-malare-and-artifacts.zip 124 kB (123,848 bytes)
  - 2020-02-04-sodality.mandmsolicitors.com-1-of-3.txt (3,120 bytes)
  - 2020-02-04-sodality.mandmsolicitors.com-2-of-3.txt (4,920 bytes)
  - 2020-02-04-sodality.mandmsolicitors.com-3-of-3.txt (4,031 bytes)
  - 2020-02-04-trace.mukandratourandtravels.com-initial.txt (47,684 bytes)
  - Firefox.Update.4ee488.zip (32,231 bytes)
  - Firefox.js (90,690 bytes)
  - client32.ini (596 bytes)
  - presentationhost.exe (105,848 bytes)
- 2020-02-05-socgholish-JS-file-sends-NetSupport-RAT.pcap.zip 5.0 MB (4,983,681 bytes)
  - 2020-02-05-socgholish-JS-file-sends-NetSupport-RAT.pcap (10,744,242 bytes)