Rule Library
Sigma Rules
2 rules found for "SocGholish"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | test
FakeUpdates/SocGholish Activity
Detects initial execution of FakeUpdates/SocGholish malware via wscript that later executes commands via cmd or powershell.
Windows | Process Creation
kostastsale | Thu Jun 16 2022
Emerging Threat | high | test
Potential SocGholish Second Stage C2 DNS Query
Detects a DNS query initiated from a "wscript" process for domains matching a specific pattern that was seen being used by SocGholish for its Command and Control traffic.
Windows | DNS Query
Dusty Miller | Thu Feb 23 2023