2025-08-20: SmartApeSG CAPTCHA page to ClickFix script to NetSupport RAT to StealCv2
2025年8月20日记录了一起网络攻击事件,涉及SmartApeSG脚本生成虚假CAPTCHA页面,进而执行ClickFix脚本植入NetSupport远程控制木马和StealC v2窃密工具。相关数据以加密ZIP文件形式存储,并附有Wireshark流量分析。 2025-8-20 22:46:0 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:2 收藏
2025年8月20日记录了一起网络攻击事件,涉及SmartApeSG脚本生成虚假CAPTCHA页面,进而执行ClickFix脚本植入NetSupport远程控制木马和StealC v2窃密工具。相关数据以加密ZIP文件形式存储,并附有Wireshark流量分析。 2025-8-20 22:46:0 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:2 收藏
2025-08-20 (WEDNESDAY): SMARTAPESG CAPTCHA PAGE --> CLICKFIX SCRIPT --> NETSUPPORT RAT --> STEALC V2
NOTES:
- Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.
ASSOCIATED FILES:
- 2025-08-20-IOCs-for-SmartApeSG-ClickFix-NetSupport-RAT-with-StealCv2.txt.zip 1.7 kB (1,737 bytes)
- 2025-08-20-SmartAgeSG-Netsupport-RAT-with-StealCv2.pcap.zip 63.1 MB (63,129,119 bytes)
- 2025-08-20-files-from-the-infection.zip 57.8 MB (57,817,477 bytes)
IMAGES
Shown above: Fake CAPTHA page generated by SmartApeSG script injected into compromised website.
Shown above: ClickFix instructions from the fake CAPTCHA page.
Shown above: Traffic from the infection filtered in Wireshark.
Click here to return to the main page.
文章来源: https://www.malware-traffic-analysis.net/2025/08/20/index.html
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh