Uncovering Cyber Threat Networks: SmartApeSG & NetSupport RAT
Essential information
- Published: 04/02/2025 03:00
- Modified: 04/02/2025 07:45
- Tags: 2025-02-04 c2 infrastructure clearfake cryptocurrency fakeupdate ispmanager landupdate808 lycantrox moldovan ips netsupport rat pivoting analysis quasar rat smartapesg socgholish
- Related entities: 57 observables, 17 techniques (mitre), 7 malware, 2 others
Description
This investigation explores the connections between SmartApeSG, a FakeUpdate threat, and NetSupport RAT. Through analysis of Internet telemetry data, the research uncovered related C2 management hosts, active NetSupport RAT servers, and cross-connections to suspicious infrastructure. Key findings include the identification of Moldovan IPs used for C2 management, an active NetSupport RAT cluster with old C2s still receiving victim communication, and potential links between SmartApeSG and NetSupport RAT infrastructures. The investigation also revealed connections to Quasar RAT and cryptocurrency-related activities. The research demonstrates how pivoting through Internet telemetry data can uncover complex threat actor infrastructures and their persistent evolution.