Uncovering Cyber Threat Networks: SmartApeSG & NetSupport RAT

Feb. 4, 2025, 7:45 a.m.

Description

This investigation explores the connections between SmartApeSG, a FakeUpdate threat, and NetSupport RAT. Through analysis of Internet telemetry data, the research uncovered related C2 management hosts, active NetSupport RAT servers, and cross-connections to suspicious infrastructure. Key findings include the identification of Moldovan IPs used for C2 management, an active NetSupport RAT cluster with old C2s still receiving victim communication, and potential links between SmartApeSG and NetSupport RAT infrastructures. The investigation also revealed connections to Quasar RAT and cryptocurrency-related activities. The research demonstrates how pivoting through Internet telemetry data can uncover complex threat actor infrastructures and their persistent evolution.

External References

https://www.team-cymru.com/post/tracing-the-path-from-smartapesg-to-netsupport-rat
https://otx.alienvault.com/pulse/67a182dc6ac40eb6a70b9d76
Tags
cryptocurrency
socgholish
quasar rat
netsupport rat
clearfake
c2 infrastructure
2025-02-04
moldovan ips
pivoting analysis
fakeupdate
landupdate808
ispmanager
smartapesg
lycantrox

Date

  • Created: Feb. 4, 2025, 3 a.m.
  • Published: Feb. 4, 2025, 3 a.m.
  • Modified: Feb. 4, 2025, 7:45 a.m.

Indicators

  • 5.181.159.119
  • 5.181.159.111
  • 5.181.159.113
  • 5.181.158.15
  • 5.181.156.16
  • 5.181.157.69
  • 193.107.109.76
  • zytjbgev.icu
  • zjdhduv.com
  • usjnvovoo4.net
  • ubsglobalmarkets.com
  • u55fbwiubyuere.xyz
  • u4snvsrtvlrui.xyz
  • torpoa.cn
  • tripdsbeacgsa43wes.xyz
  • tojh5roh4.top
  • ssdghgrehndx.cn
  • sevndgkhkidgr.xyz
  • sidfbuz8egozs.cn
  • sertte56gzxes.cn
  • sdjbizirebz.cn
  • sdgn446yhd.cn
  • sdfojbeufibibsuu8u.cn
  • scheduleyaraupd2.cn
  • sasygzsu4zusaty.cn
  • sasfyvuaseyzzs.cn
  • rivosgroup.com
  • safvyhgdrsdfhd.xyz
  • ruhvsvya.icu
  • recsfgsfxvdgr.xyz
  • nfdsnvuusds7d64jg.cn
  • msguguudfh4.xyz
  • moreeu.cn
  • mixuvvvjsurub.cn
  • mgsubneu4hgba.xyz
  • k-trades.com
  • jkhmzxvidfyidu.xyz
  • jintsung.cn
  • isaydiuaysoidalkspw.com
  • huntaget.cn
  • gsdgtruhu45.cn
  • gkdkr.icu
  • gfu6nfmgnm86gm.xyz
  • gjuauyfhjha.cn
  • fufvnasie.icu
  • fdoshbjdo.icu
  • exploit.im
  • e3ubj753ifg.xyz
  • dvtrstrhdbcvbxr.xyz
  • duvje6egvuas.com
  • dsfygfnb3.icu
  • dgdsrzzw45tg.cn
  • comparegjs.com
  • asdsrjhegrhj.xyz
  • asdgelvasd.icu
  • allenew1.com
  • 23mtkro.cn
Download all indicators here!

Attack Patterns

  • Lycantrox
  • LandUpdate808
  • SmartApeSG
  • ClearFake
  • NetSupport RAT
  • SocGholish
  • Quasar RAT

Additional Informations

  • Moldova, Republic of
  • Russian Federation