Sign in Create account

#rogueraticate — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #rogueraticate, aggregated by home.social.

Jérôme Segura @[email protected] · 2023-08-03 · 21:18 UTC

#FakeSG / #RogueRaticate leading to #netsupportrat
ebodyfit[.]com/wp-content/uploads/ultimatemember/58/downloading-(114.0.522735.199%20(Official%20Build).url
ebodyfit[.]com/wp-content/uploads/ultimatemember/57/consciousnessx.hta
ebodyfit[.]com/wp-content/uploads/ultimatemember/56/housealba.zip
ebodyfit[.]com/wp-content/uploads/ultimatemember/56/clients32.exe
#threatintel #IOCs

#rogueraticate #fakesg #netsupportrat #threatintel #iocs
Randy @[email protected] · 2023-07-25 · 13:23 UTC

They updated the LNK to point to a different HTA which in turn grabs a different NetSupport INI to point at a new gateway. Curious how frequently this group rotates the chain.
Infection chain
compromised site
google-analytiks[.]com/sBY76j
-->
hXXps://esteticalocarno[.]com/wp-content/uploads/2023/02/Install%20Updater%20(V105.215.8412_silent).url
-->
hXXp://185[.]252.179.64:80/Downloads/shdeulerinstall[.]lnk
-->
hXXps://www[.]esteticalocarno[.]com/wp-content/uploads/2018/5/XVXCSASD.hta
-->
NetSupport GatewayAddress 94[.]158.244.41:443
0e74d799e5486979f7cafb3c6bbd8fab224f882b82197eb8975818bd61cbb667 XVXCSASD[.]hta
#FakeSG #RogueRaticate

#fakesg #rogueraticate