#sectoprat — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sectoprat, aggregated by home.social.
-
ISC Diary: #LummaStealer infection with #SectopRAT (#ArechClient2) https://isc.sans.edu/diary/32904
-
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
#SmartApeSG #RemcosRAT #Stealc #SecTopRAT
https://isc.sans.edu/diary/32826 -
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
#SmartApeSG #RemcosRAT #Stealc #SecTopRAT
https://isc.sans.edu/diary/32826 -
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
#SmartApeSG #RemcosRAT #Stealc #SecTopRAT
https://isc.sans.edu/diary/32826 -
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
#SmartApeSG #RemcosRAT #Stealc #SecTopRAT
https://isc.sans.edu/diary/32826 -
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
#SmartApeSG #RemcosRAT #Stealc #SecTopRAT
https://isc.sans.edu/diary/32826 -
ISC Diary: #SmartApeSG campaign pushes #Remcos #RAT, #NetSupportRAT, #StealC and #SectopRAT (#ArechC https://isc.sans.edu/diary/32826
-
ISC Diary: #SmartApeSG campaign pushes #Remcos #RAT, #NetSupportRAT, #StealC and #SectopRAT (#ArechC https://isc.sans.edu/diary/32826
-
ISC Diary: #SmartApeSG campaign pushes #Remcos #RAT, #NetSupportRAT, #StealC and #SectopRAT (#ArechC https://isc.sans.edu/diary/32826
-
2025-08-15 (Friday): Here are some images from a post I wrote for my employer on other social media platforms.
This is from a #LummaStealer infection that led to #SectopRAT (#ArechClient2).
A #pcap of the infection traffc, along with the associated #malware and artifacts are available at https://www.malware-traffic-analysis.net/2025/08/15/index.html
-
We've observed an interesting infection chain ⛓️ in the wild, starting with #LummaStealer spread through a fake gaming website and resulting in #Latrodectus and #SectopRat 🪲🔍👀
See below for more ⬇️
-
We've observed an interesting infection chain ⛓️ in the wild, starting with #LummaStealer spread through a fake gaming website and resulting in #Latrodectus and #SectopRat 🪲🔍👀
See below for more ⬇️
-
We've observed an interesting infection chain ⛓️ in the wild, starting with #LummaStealer spread through a fake gaming website and resulting in #Latrodectus and #SectopRat 🪲🔍👀
See below for more ⬇️
-
We've observed an interesting infection chain ⛓️ in the wild, starting with #LummaStealer spread through a fake gaming website and resulting in #Latrodectus and #SectopRat 🪲🔍👀
See below for more ⬇️
-
We've observed an interesting infection chain ⛓️ in the wild, starting with #LummaStealer spread through a fake gaming website and resulting in #Latrodectus and #SectopRat 🪲🔍👀
See below for more ⬇️
-
2025-07-15 (Tuesday): #LummaStealer infection with #SecTopRAT.
A #pcap of the #Lumma traffic and #SecTop #RAT activity, the #malware/artifacts from an infection, and the associated IOCs are available at https://www.malware-traffic-analysis.net/2025/07/15/index.html
-
Fake PDFCandy File Converter Websites Spread Malware – Source:hackread.com https://ciso2ciso.com/fake-pdfcandy-file-converter-websites-spread-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #ArechClient2 #ArechClient #CyberAttack #SectopRAT #CloudSEK #Hackread #PDFCandy #security #malware #Scam #PDF
-
Fake PDFCandy File Converter Websites Spread Malware – Source:hackread.com https://ciso2ciso.com/fake-pdfcandy-file-converter-websites-spread-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #ArechClient2 #ArechClient #CyberAttack #SectopRAT #CloudSEK #Hackread #PDFCandy #security #malware #Scam #PDF
-
Fake PDFCandy File Converter Websites Spread Malware – Source:hackread.com https://ciso2ciso.com/fake-pdfcandy-file-converter-websites-spread-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #ArechClient2 #ArechClient #CyberAttack #SectopRAT #CloudSEK #Hackread #PDFCandy #security #malware #Scam #PDF
-
Fake PDFCandy File Converter Websites Spread Malware – Source:hackread.com https://ciso2ciso.com/fake-pdfcandy-file-converter-websites-spread-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #ArechClient2 #ArechClient #CyberAttack #SectopRAT #CloudSEK #Hackread #PDFCandy #security #malware #Scam #PDF
-
Fake Zoom Ends in BlackSuit Ransomware
#D3F@ckloader #IDATLoader #SecTopRAT
https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/ -
A week in security (February 17 – February 23) https://www.malwarebytes.com/blog/news/2025/02/a-week-in-security-february-17-february-23 #ARCStealer #SecTopRAT #DeepSeek #News
-
A week in security (February 17 – February 23) https://www.malwarebytes.com/blog/news/2025/02/a-week-in-security-february-17-february-23 #ARCStealer #SecTopRAT #DeepSeek #News
-
A week in security (February 17 – February 23) https://www.malwarebytes.com/blog/news/2025/02/a-week-in-security-february-17-february-23 #ARCStealer #SecTopRAT #DeepSeek #News
-
A week in security (February 17 – February 23) https://www.malwarebytes.com/blog/news/2025/02/a-week-in-security-february-17-february-23 #ARCStealer #SecTopRAT #DeepSeek #News
-
SecTopRAT bundled in Chrome installer distributed via Google Ads https://www.malwarebytes.com/blog/cybercrime/2025/02/sectoprat-bundled-in-chrome-installer-distributed-via-google-ads #GoogleChrome #malvertising #Cybercrime #GoogleAds #SecTopRAT
-
Fraudulent Slack ad shows malvertiser’s patience and skills https://www.malwarebytes.com/blog/cybercrime/2024/08/fraudulent-slack-ad-shows-malvertisers-patience-and-skills #malvertising #Cybercrime #GoogleAds #SecTopRAT #malware #Slack
-
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
#IDAT oader #SecTopRAT
https://www.rapid7.com/blog/post/2024/04/10/stories-from-the-soc-part-2-msix-installer-utilizes-telegram-bot-to-execute-idat-loader/ -
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
#IDAT oader #SecTopRAT
https://www.rapid7.com/blog/post/2024/04/10/stories-from-the-soc-part-2-msix-installer-utilizes-telegram-bot-to-execute-idat-loader/ -
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
#IDAT oader #SecTopRAT
https://www.rapid7.com/blog/post/2024/04/10/stories-from-the-soc-part-2-msix-installer-utilizes-telegram-bot-to-execute-idat-loader/ -
I noticed new activity on one of the domains associated with the loader for SectopRAT, which I recently analyzed.
It turns out, the threat actor was testing out new methods for initial access.
I wrote up my findings in a short update.
The killchain:
.url file -> .lnk -> WMIC/mshta -> .hta -> VBScript -> PowerShell -> Loaderhttps://rerednawyerg.github.io/posts/malwareanalysis/gad_sectoprat_update/
IOCs
cloudinstalller73489[.]shop
pputty[.]us
179.43.142[.]86 -
I got a chance to really dig into a malware sample stemming from a malicious Google ad, and finally finished a full writeup for it.
To summarize: Google ad --> fake PuTTY download site --> loader --> dropper --> SectopRAT
https://rerednawyerg.github.io/posts/malwareanalysis/gad_sectoprat/