2025-10-08: Infection from Kongtuke campaign's ClickFix page
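This entry, dated 2025-10-08, documents an infection spread by the Kongtuke campaign through a ClickFix page, with evidence including password-protected ZIP files, packet captures of the network traffic, and malicious script injection. 2025-10-9 04:22:0 Author: www.malware-traffic-analysis.net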

2025-10-08 (WEDNESDAY): INFECTION FROM KONGTUKE CAMPAIGN'S CLICKFIX PAGE

NOTES:

  • Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

ASSOCIATED FILES:

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.


Shown above:  HTML of page from compromised site showing the injected Kongtuke script.


Shown above:  Fake CAPTCHA page from traffic generated by the injected Kongtuke script.


Shown above:  Following instructions from the Kongtuke campaign's fake CAPTCHA page.



Article source: https://www.malware-traffic-analysis.net/2025/10/08/index.html