Uncovering Cyber Threat Networks: SmartApeSG & NetSupport RAT

Feb. 4, 2025, 7:45 a.m.

Description

This investigation explores the connections between SmartApeSG, a FakeUpdate threat, and NetSupport RAT. Through analysis of Internet telemetry data, the research uncovered related C2 management hosts, active NetSupport RAT servers, and cross-connections to suspicious infrastructure. Key findings include the identification of Moldovan IPs used for C2 management, an active NetSupport RAT cluster with old C2s still receiving victim communication, and potential links between SmartApeSG and NetSupport RAT infrastructures. The investigation also revealed connections to Quasar RAT and cryptocurrency-related activities. The research demonstrates how pivoting through Internet telemetry data can uncover complex threat actor infrastructures and their persistent evolution.

Date

Published: Feb. 4, 2025, 3 a.m.

Created: Feb. 4, 2025, 3 a.m.

Modified: Feb. 4, 2025, 7:45 a.m.

Indicators

Attack Patterns

Lycantrox

LandUpdate808

SmartApeSG

ClearFake

NetSupport RAT

SocGholish

Quasar RAT

T1584.001

T1583.001

T1553.002

T1136

T1204.001

T1566.002

T1571

T1573

T1071

T1102

T1219

T1132

T1027

T1190

T1133

T1090

T1059

Additional Information

Moldova, Republic of

Russian Federation