2025-09-03: Kongtuke CAPTCHA page to ClickFix script to Lumma Stealer
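On September 3, 2025, a cyber attack was recorded involving a Kongtuke CAPTCHA page and a ClickFix script, ultimately leading to the distribution of Lumma Stealer. The associated files include password-protected ZIP archives and malware samples, with the injected script, the download location, and Wireshark traffic screenshots provided as evidence. 2025-9-3 18:8:0 Author: www.malware-traffic-analysis.net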

2025-09-03 (WEDNESDAY): KONGTUKE CAPTCHA PAGE --> CLICKFIX SCRIPT --> LUMMA STEALER

NOTES:

  • Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

ASSOCIATED FILES:

IMAGES


Shown above:  Kongtuke style injected script in page from compromised website.


Shown above:  Kongtuke CAPTCHA page and example of ClickFix style script injected into victim's clipboard.


Shown above:  Location of downloaded zip archive for Lumma Stealer and the extracted files from an infection.


Shown above:  Traffic from an infection filtered in Wireshark.



Source: https://www.malware-traffic-analysis.net/2025/09/03/index.html