Greetings! You may have noticed we recently introduced a new metadata tag to several rules (in fact, over 1700) - ‘compromised_website’.
This tag indicates a rule is alerting on the threat actor tactic of using malicious JavaScript injects within legitimate websites to serve malware - typically bogus messaging alerting the site visitor that their system requires an update. This may lead to the download of a malicious .js file and subsequent system infection.
For further information and triaging guidance for infections of this type, see our ET SocGholish Rules Response Guidance page!
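
To check which rules in a local ruleset carry the new tag, and whether each one is enabled, the rule metadata can be parsed directly. The script below is an added example, not Emerging Threats code; the sample rules and SIDs are constructed, and it assumes the tag is carried under the `tag` metadata key.

```python
import re

# Constructed sample rules for illustration (not real ET signatures).
# Assumption: the tag is carried under the "tag" metadata key.
SAMPLE_RULES = r'''
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Fake Browser Update Inject"; flow:established,to_server; metadata:attack_target Client_Endpoint, tag compromised_website, signature_severity Major; sid:9000001; rev:1;)
# alert dns $HOME_NET any -> any any (msg:"EXAMPLE Inject Domain Lookup"; metadata:tag compromised_website, tag Example_Family; sid:9000002; rev:2;)
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Unrelated Rule"; metadata:signature_severity Minor, tag Other; sid:9000003; rev:1;)
'''

# An optional leading "#" marks a disabled rule; the rule header never contains "(".
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?:alert|drop|pass|reject)\s[^(]*\((?P<opts>.*)\)\s*$')

def options(opts, name):
    """Return every value of option `name` (a rule may repeat an option)."""
    pat = r'(?:^|(?<=;))\s*%s\s*:\s*((?:\\.|[^;\\])*);' % re.escape(name)
    return [v.strip() for v in re.findall(pat, opts)]

def rules_with_tag(text, tag, key="tag"):
    """List sid, msg and enabled state of rules whose metadata has `key tag`."""
    hits = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, plain comment, or not a rule
        opts = m.group("opts")
        # metadata is a comma-separated list of "key value" pairs
        pairs = [p.split(None, 1)
                 for md in options(opts, "metadata")
                 for p in md.split(",") if p.strip()]
        if any(len(p) == 2 and p[0] == key
               and p[1].strip().lower() == tag.lower() for p in pairs):
            hits.append({
                "sid": int(options(opts, "sid")[0]),
                "msg": options(opts, "msg")[0].strip('"'),
                "enabled": m.group("off") is None,
            })
    return hits

if __name__ == "__main__":
    for r in rules_with_tag(SAMPLE_RULES, "compromised_website"):
        state = "enabled" if r["enabled"] else "DISABLED"
        print(f'{r["sid"]}  {state:8}  {r["msg"]}')
```

Tagged rules reported as disabled are worth a look, since they will not alert on this activity until they are re-enabled.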