all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New SocGholish persistence method

Add to bookmarks
Feb. 13, 2024, 11:29 p.m. | /u/reliaquest_official

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

While investigating customer detections in Q1 2024, ReliaQuest researchers identified the fake-update malware variant [“SocGholish” ingressing Python](https://www.reliaquest.com/blog/new-python-socgholish-infection-chain/?utm_source=reddit&utm_medium=social&utm_content=blog)—rather than Blister Loader—to establish persistence with a scheduled task, signaling an evolution in the malware’s behavior.

* SocGholish is using drive-by compromise in this new method to trick users into downloading a malicious JavaScript file. The file then downloads and extracts Python from a trusted domain and creates a scheduled task to run a malicious Python script.
* ReliaQuest believes this tactic will …

blueteamsec capabilities compromise defense domain downloads drive drive-by evasion file javascript malicious obfuscated organizations powershell powershell scripts python python script reliaquest run scheduled task script scripts socgholish tactic task

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

CVE-2024-24919 Check Point 0-Day Remote Access VPN - or - aCSHELL/../../../../../../../ homepage/admin/.ssh/id_rsa * ssh admin@Host … 17 hours ago | www.reddit.com
blueteamsec
Australian court rules on appeal that Cyber Incident Response documents ARE NOT protected from legal … 20 hours ago | www.reddit.com
australian blueteamsec claim court +17
Snowflake Community: Detecting and Preventing Unauthorized User Access: Instructions 1 day, 11 hours ago | www.reddit.com
access blueteamsec community instructions +2
Linux rootkits explained – Part 1: Dynamic linker hijacking, Part 2: Loadable kernel modules 1 day, 11 hours ago | www.reddit.com
blueteamsec dynamic explained hijacking +5
NSA Releases Guidance on the Visibility and Analytics Pillar of Zero Trust 1 day, 12 hours ago | www.reddit.com
analytics blueteamsec guidance nsa +4
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware 1 day, 23 hours ago | www.reddit.com
blueteamsec civil civil society latvia +6
How malware authors play with the LNK file format 2 days, 11 hours ago | www.reddit.com
authors blueteamsec file lnk +3
The Pumpkin Eclipse 2 days, 14 hours ago | www.reddit.com
blueteamsec eclipse pumpkin
The Best Way to Start with AWS Security Hub 2 days, 14 hours ago | www.reddit.com
aws aws security hub blueteamsec hub +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com