ET MALWARE Win32/SocGholish GhostWeaver Backdoor Activity (PowerShell BOINC Download Request)

SID: 2060585Rev: 124 views
Sourceet/open
CreatedMarch 4, 2025
UpdatedMarch 4, 2025
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/SocGholish GhostWeaver Backdoor Activity (PowerShell BOINC Download Request)"; flow:established,to_server; http.uri; content:".php?s=boicn"; endswith; fast_pattern:only; http.user_agent; content:"WindowsPowerShell/"; reference:url,trac-labs.com/dont-ghost-the-socgholish-ghostweaver-backdoor-574154dd9983; reference:url,huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software; classtype:trojan-activity; sid:2060585; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_03_04, deployment Perimeter, malware_family SocGholish, malware_family GhostWeaver, confidence High, signature_severity Major, tag Backdoor, tag ta569, updated_at 2025_03_04;)

References

urltrac-labs.com/dont-ghost-the-socgholish-ghostweaver-backdoor-574154dd9983
urlhuntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software

Metadata

attack targetClient_Endpoint
created at2025_03_04
deploymentPerimeter
malware familyGhostWeaver
confidenceHigh
signature severityMajor
tagta569
updated at2025_03_04

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!