Mastodawn

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)

Monitor SG 19h ago

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)
-->
vexnali[.]com/ss/look (ZIP)

ec7350861106cdb07ea23d9cb39b45221d5979979d4c4727d3e41e866a0778e2 look

Monitor SG 21h ago

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
gralino[.]top/realm/audit-worker.js
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)
-->
vexnali[.]com/ss/look (ZIP)

ec7350861106cdb07ea23d9cb39b45221d5979979d4c4727d3e41e866a0778e2 look

Monitor SG 22h ago

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)

Monitor SG 1d ago

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)

Monitor SG 1d ago

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

Monitor SG 1d ago

Detected #SmartApeSG infection chain

Compromised site
-->
cpajoliette[.]com/q (injected)
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

Monitor SG 1d ago

Detected #SmartApeSG infection chain

Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
munqera[.]top/settings/permission-server.js
-->
munqera[.]top/settings/tenant-core.php
-->
munqera[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

Monitor SG 2d ago

Detected #SmartApeSG infection chain

Compromised site
-->
vorqeni[.]top/settings/tenant-core.php
-->
vorqeni[.]top/settings/login-storage.js (clickfix)
-->
qeravito[.]com/hj/call (HTA)

The Threat Codex 2d ago

SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
#SmartApeSG #RemcosRAT #Stealc #SecTopRAT
https://isc.sans.edu/diary/32826