Discovering Possible SocGholish Threat Vectors | WhoisXML API


SocGholish IoCs and Artifacts: Tricking Users to Download Malware

SocGholish, an initial-access threat, was recently observed deploying ransomware, according to ReliaQuest researchers.[1]

WhoisXML API used the indicators of compromise (IoCs) published by ReliaQuest to understand the threat’s infrastructure and uncover more artifacts. Our research revealed:

  • An unredacted registrant email address was found across six IoCs
  • 200+ artifacts registered by the same registrant as one of the IoCs
  • 50+ additional artifacts related to the IoCs through shared name servers or string usage
  • Web properties flagged as malicious, accounting for more than 5% of the artifacts
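The findings above follow a standard infrastructure-pivoting pattern: start from a small seed of IoC domains, collect any unredacted registrant emails, then expand the set through registrant reuse, shared name servers and string reuse. The script below is an added illustration of that workflow and is not code from WhoisXML API or ReliaQuest. Every domain, email address and name server in it is constructed; the record shape (`domain`, `email`, `ns`) and the `max_share` threshold are assumptions. It includes the two checks a practitioner would want: ignoring redacted registrant fields, and dropping name servers shared by so many domains that they are likely mass hosting rather than actor-controlled infrastructure.

```python
"""Infrastructure pivoting over WHOIS/DNS records (added example).

Expands a small set of seed IoC domains by shared registrant email,
shared name servers and string reuse. All records below are constructed
sample data; none are real SocGholish indicators.
"""
from collections import Counter

# Registrant values that carry no pivot signal (case-insensitive match)
REDACTED = {"", "redacted for privacy", "please query the rdds service"}

# Constructed WHOIS/DNS records (hypothetical, not from the report)
RECORDS = [
    {"domain": "ioc-update1.test", "email": "ops@mailhost.test",
     "ns": ["ns1.smallhost.test", "ns2.smallhost.test"]},
    {"domain": "ioc-update2.test", "email": "REDACTED FOR PRIVACY",
     "ns": ["ns1.smallhost.test", "ns2.smallhost.test"]},
    {"domain": "brand-update-center.test", "email": "ops@mailhost.test",
     "ns": ["ns1.bighost.test", "ns2.bighost.test"]},
    {"domain": "cdn-update-files.test", "email": "other@mailhost.test",
     "ns": ["ns1.smallhost.test", "ns2.smallhost.test"]},
    {"domain": "shop-gadgets.test", "email": "shop@mailhost.test",
     "ns": ["ns1.bighost.test", "ns2.bighost.test"]},
    {"domain": "news-daily.test", "email": "news@mailhost.test",
     "ns": ["ns1.bighost.test", "ns2.bighost.test"]},
    {"domain": "software-update.test", "email": "REDACTED FOR PRIVACY",
     "ns": ["ns1.bighost.test", "ns2.bighost.test"]},
]

# Constructed seed IoCs that the pivots start from
SEEDS = {"ioc-update1.test", "ioc-update2.test"}


def registrant_emails(records, seeds):
    """Unredacted registrant emails observed on the seed IoC domains."""
    return {
        r["email"].lower()
        for r in records
        if r["domain"] in seeds and r["email"].lower() not in REDACTED
    }


def pivot_by_registrant(records, emails):
    """Every domain registered with one of the given emails."""
    return {r["domain"] for r in records if r["email"].lower() in emails}


def shared_name_servers(records, seeds, max_share=3):
    """Name servers used by the seeds, minus mass-shared hosting name servers.

    A name server serving more than max_share domains in the data set is
    treated as shared hosting and discarded, so the pivot does not pull in
    unrelated tenants of the same provider.
    """
    ns_count = Counter(ns for r in records for ns in r["ns"])
    seed_ns = {ns for r in records if r["domain"] in seeds for ns in r["ns"]}
    return {ns for ns in seed_ns if ns_count[ns] <= max_share}


def pivot_by_name_server(records, name_servers):
    """Every domain that uses at least one of the given name servers."""
    return {r["domain"] for r in records if set(r["ns"]) & name_servers}


def pivot_by_string(records, substrings):
    """Every domain whose name contains one of the given substrings."""
    return {r["domain"] for r in records if any(s in r["domain"] for s in substrings)}


def expand_iocs(records, seeds, substrings=(), max_share=3):
    """Run all three pivots from the seeds and return the new artifacts per method."""
    emails = registrant_emails(records, seeds)
    by_reg = pivot_by_registrant(records, emails) - seeds
    by_ns = pivot_by_name_server(
        records, shared_name_servers(records, seeds, max_share)) - seeds
    by_str = pivot_by_string(records, substrings) - seeds
    return {
        "registrant_emails": emails,
        "by_registrant": by_reg,
        "by_name_server": by_ns,
        "by_string": by_str,
        "all_artifacts": by_reg | by_ns | by_str,
    }


if __name__ == "__main__":
    result = expand_iocs(RECORDS, SEEDS, substrings=("update",))
    for method, domains in result.items():
        print(f"{method}: {sorted(domains)}")
```

Each pivot is kept separate in the result so an analyst can weigh them differently: a registrant-email match is strong evidence of common ownership, while a string match on a generic token like "update" is a lead that needs corroboration before it goes on a blocklist.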

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.reliaquest.com/blog/socgholish-fakeupdates/