Detected #SmartApeSG infection chain
Compromised site
-->
cpajoliette[.]com/q (injected)
-->
gralino[.]top/realm/throttle-template.php
-->
gralino[.]top/realm/role-asset.js (clickfix)
-->
vexnali[.]com/cc/info (HTA)
M
monitorsg@infosec.exchange
@monitorsg@infosec.exchange
Posts
-
Detected #SmartApeSG infection chain -
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
www[.]ski-snowboardvancouver[.]ca/d.js (injected)
-->
fresicrto[.]top/session/router-build.js
-->
fresicrto[.]top/session/route-header.php
-->
fresicrto[.]top/session/scope-schema.js (clickfix)
-->
urotypos[.]com/cd/temp (HTA)
-->
urotypos[.]com/ls/production (ZIP)a6a748c0606fb9600fdf04763523b7da20b382b054b875fdd1ef1c36fc16079a production
-
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
cpajoliette[.]com/q (injected)
-->
dsfeuyyd[.]top/throttle/policy-client.php
-->
dsfeuyyd[.]top/throttle/health-stylesheet.js (clickfix)
-->
poqwserty[.]com/user/me (HTA)
-->
poqwserty[.]com/reviewer/document (ZIP)5ef1ac71ab40e2ff87dbef0912a18d0c31901939af7b59bc24a5921e39a48293 document
-
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
cpajoliette[.]com/q (injected)
-->
dsfeuyyd[.]top/throttle/policy-client.php
-->
dsfeuyyd[.]top/throttle/health-stylesheet.js (clickfix)
-->
poqwserty[.]com/user/me (HTA) -
New #SocGholish C2:New #SocGholish C2:
hXXps://cpanel.baeinevand.eu[.]org/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
cpanel.baeinevand.eu[.]org
107[.]175.88.57
AS36352 HostPapa -
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
treidoveir[.]top/health/health-css.php
-->
treidoveir[.]top/health/identity-effect.js (clickfix)
-->
dementiond[.]com/old/version (HTA) -
Detected #KongTuke infection chainDetected #KongTuke infection chain
Compromised site
-->
aawbi[.]com/5232f.js
-->
aawbi[.]com/js.php (ClickFix)
-->
artsselection[.]com/bookmarks (Powershell)3b12fea31ace4c4d105c0f9f3e7c85d29bd18b5bef5fbde38043ebdff483abe0 bookmarks
-
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
thesnackbee[.]com/j.js (injected)
-->
vcterypore[.]top/beta/api-sandbox.php
-->
vcterypore[.]top/beta/rate-css.js (clickfix)
-->
otrypity[.]com/monitoring/ready (HTA) -
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
cpajoliette[.]com/d.js (injected)
-->
redsiout[.]top/beta/proxy-deploy.js
-->
redsiout[.]top/beta/api-sandbox.php
-->
redsiout[.]top/beta/rate-css.js (clickfix)
-->
otrypity[.]com/monitoring/ready (HTA) -
Detected #KongTuke infection chainDetected #KongTuke infection chain
Compromised site
-->
voginc[.]com/58hgs.js
-->
voginc[.]com/js.php (ClickFix) -
Detected #KongTuke infection chainDetected #KongTuke infection chain
Compromised site
-->
flatheadcat[.]com/7s99.js
-->
FlatheadCat[.]com/js.php (ClickFix) -
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
dist-ctroy[.]top/tenant/refresh-request.php
-->
dist-ctroy[.]top/tenant/session-sandbox.js (clickfix)
-->
certiouts[.]com/user/content (HTA) -
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
dist-ctroy[.]top/tenant/refresh-request.php
-->
dist-ctroy[.]top/tenant/session-sandbox.js (clickfix) -
Detected #KongTuke infection chainDetected #KongTuke infection chain
Compromised site
-->
unanistan[.]com/5gw2.js
-->
unanistan[.]com/js.php (ClickFix)
-->
sellmeyourbiz[.]com/customers (Powershell)699fd7a8d69c2a7fa84786794e318cf1ef41631ac4b3181e65cbbaf06b0ec17b customers
-
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
cpajoliette[.]com/q (injected)
-->
retrypoti[.]top/endpoint/login-asset.php
-->
retrypoti[.]top/endpoint/handler-css.js (clickfix)
-->
forcebiturg[.]com/boot (HTA) -
Detected #KongTuke infection chainDetected #KongTuke infection chain
Compromised site
-->
elenviel[.]com/4s2h.js
-->
elenviel[.]com/js.php (ClickFix)
-->
salelegalsteroids[.]com/enterprise (Powershell)aaf1d5be8ba2de0d02d84d5aabdbf1fd35ffe78270506bfed9507fabd8f8fa8c enterprise
-
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
cpajoliette[.]com/q (injected)
-->
retrypoti[.]top/endpoint/login-asset.php
-->
retrypoti[.]top/endpoint/handler-css.js (clickfix) -
New #SocGholish C2:New #SocGholish C2:
hXXps://files.jeaniescott[.]digital/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
files.jeaniescott[.]digital
104[.]194.222.207
AS22653 Cyber Wurx LLC -
Detected #SmartApeSG infection chainDetected #SmartApeSG infection chain
Compromised site
-->
trofedi[.]top/reset/tenant-pipeline.php
-->
trofedi[.]top/reset/private-compiler.js (clickfix)
-->
amfredio[.]com/server (HTA)
-->
amfredio[.]com/success (ZIP)e2f0d2243a95db379dd75de57fb98ffbc421cd58e9d11a2ca5a842540db9ba6a success
-
New #SocGholish C2:New #SocGholish C2:
hXXps://feedback.grovecitypestcontrol[.]com/XgdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
feedback.grovecitypestcontrol[.]com
66[.]42.85.143
AS20473 The Constant Company, LLC