ET MALWARE SocGholish CnC Domain in TLS SNI (* .benefits .melanatedbloodlinesrestoration .com)

SID: 2055770Rev: 4102 viewsHistory

Sourceet/open

CreatedSeptember 9, 2024

UpdatedDecember 24, 2024

Classificationdomain-c2

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SocGholish CnC Domain in TLS SNI (* .benefits .melanatedbloodlinesrestoration .com)"; flow:established,to_server; tls.sni; dotprefix; content:".benefits.melanatedbloodlinesrestoration.com"; endswith; nocase; fast_pattern; reference:url,community.emergingthreats.net/t/et-socgholish-rules-response-guidance/335; reference:url,infosec.exchange/@monitorsg/112472167215070364; classtype:domain-c2; sid:2055770; rev:4; metadata:attack_target Client_Endpoint, tls_state TLSEncrypt, created_at 2024_09_09, deployment Perimeter, deprecation_reason Relevance, malware_family SocGholish, performance_impact Low, confidence High, signature_severity Critical, tag compromised_website, updated_at 2024_12_24, reviewed_at 2024_12_24, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:src_ip;)

References

url	community.emergingthreats.net/t/et-socgholish-rules-response-guidance/335
url	infosec.exchange/@monitorsg/112472167215070364

Metadata

attack targetClient_Endpoint

tls stateTLSEncrypt

created at2024_09_09

deploymentPerimeter

deprecation reasonRelevance

malware familySocGholish

performance impactLow

confidenceHigh

signature severityCritical

tagcompromised_website

updated at2024_12_24

reviewed at2024_12_24

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1189

mitre technique nameDrive_by_Compromise

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!