Today's new #TA569 #KeitaroTDS TDS domain, still hosted on the same IP as the others, is deeptrickday[.]org - e.g. hXXps://deeptrickday[.]org/fMYD7fFx seen in wild.
2nd stage SocGholish TDS remains trackrecord[.]wheresbecky[.]com but finally we also witness new SocGholish C2 *[.]score[.]symposiumhaiti[.]com on 5.255.119[.]147:
Randy
I'm actively poking at a SocGholish compromised site and just watched it switch its C2 from this.
reseller[.]wonderfulworldblog[.]com
To this.
score[.]symposiumhaiti[.]com
The first one was already considered malware by our vendor tools. This new one was not. Added that bad boy to the block list. 🚫 #SocGholish #ThreatIntel