IDP Signatures
79269 MALWARE.SOCGHOLISH.ASYNCRAT.INFECTION.C
Signature Id | 79269 |
Name | MALWARE.SOCGHOLISH.ASYNCRAT.INFECTION.C |
Group | IPS MALWARE GENERAL |
Issued | 2024-03-07 |
Last Updated | 2024-03-07 |
Description | A legitimate but compromised website infected with Parrot TDS serves malicious JS that redirects visitors to a SocGholish URL hosting a fake browser update page, which downloads a zip archive. When the user double-clicks the extracted JS file, it is run by wscript.exe, leading to web traffic for Async RAT files. Post infection, Async RAT is persistent on the host, where a scheduled task runs a PowerShell script. |