SocGholish, an initial-access threat, was recently observed deploying ransomware, according to ReliaQuest researchers.[1]
WhoisXML API used the indicators of compromise (IoCs) published by ReliaQuest to understand the threat’s infrastructure and uncover more artifacts. Our research revealed:
- From six IoCs, an unredacted registrant email address was found
- 200+ artifacts registered by the same person behind an IoC
- 50+ additional artifacts related to the IoCs either through name server or string usage
- Malicious web properties, accounting for more than 5% of the artifacts
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
- [1] https://www.reliaquest.com/blog/socgholish-fakeupdates/