all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New SocGholish persistence method

Add to bookmarks
Feb. 13, 2024, 11:29 p.m. | /u/reliaquest_official

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

While investigating customer detections in Q1 2024, ReliaQuest researchers identified the fake-update malware variant [“SocGholish” ingressing Python](https://www.reliaquest.com/blog/new-python-socgholish-infection-chain/?utm_source=reddit&utm_medium=social&utm_content=blog)—rather than Blister Loader—to establish persistence with a scheduled task, signaling an evolution in the malware’s behavior.

* SocGholish is using drive-by compromise in this new method to trick users into downloading a malicious JavaScript file. The file then downloads and extracts Python from a trusted domain and creates a scheduled task to run a malicious Python script.
* ReliaQuest believes this tactic will …

blueteamsec capabilities compromise defense domain downloads drive drive-by evasion file javascript malicious obfuscated organizations powershell powershell scripts python python script reliaquest run scheduled task script scripts socgholish tactic task

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

How to Block Residential Proxies using Okta 1 day, 7 hours ago | www.reddit.com
block blueteamsec okta proxies
2024 Cyber Insurance Claims Report 1 day, 21 hours ago | www.reddit.com
blueteamsec claims cyber cyber insurance +2
Just-in-Time admin and production access using Azure PIM 2 days, 13 hours ago | www.reddit.com
access admin azure blueteamsec +3
Hackers use developing countries as testing ground for new ransomware attacks 2 days, 17 hours ago | www.reddit.com
attacks blueteamsec countries developing countries +4
OSHIT: Seven Deadly Sins of Bad Open Source Research - bellingcat 2 days, 17 hours ago | www.reddit.com
bad bellingcat blueteamsec open source +1
Examining the Deception infrastructure in place behind code.microsoft.com 3 days, 9 hours ago | www.reddit.com
blueteamsec code com deception +2
The cyber threat to research laboratories - Canadian Centre for Cyber Security 3 days, 19 hours ago | www.reddit.com
blueteamsec canadian canadian centre for cyber security cyber +6
hunt_arcanedoor_ips.csv: Full IP list to check against your ASA/Flow logs for the ArcaneDoor Cisco ASA … 4 days, 6 hours ago | www.reddit.com
arcanedoor asa blueteamsec check +8
CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox 4 days, 8 hours ago | www.reddit.com
blueteamsec cve cve-2024 escalation +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Architect - Northwest region (Remote)

@ GuidePoint Security LLC | Remote
View on infosec-jobs.com

Senior Consultant, Cyber Security Architecture

@ 6point6 | Manchester, United Kingdom
View on infosec-jobs.com

Junior Security Architect

@ IQ-EQ | Port Louis, Mauritius
View on infosec-jobs.com

Senior Detection & Response Engineer

@ Expel | Remote
View on infosec-jobs.com

Cyber Security Systems Engineer ISSE Splunk

@ SAP | Southbank (Melbourne), VIC, AU, 3006
View on infosec-jobs.com
View more jobs