2025-04-04 (FRIDAY): KONGTUKE ACTIVITY

NOTES:

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

REFERENCES:

• https://www.linkedin.com/posts/unit42_kongtuke-captcha-clipboardhijacking-activity-7314019453262839808-nB2-/
• https://x.com/Unit42_Intel/status/1908253830166323637
• https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt

ASSOCIATED FILES:

• 2025-04-04-IOCs-for-KongTuke-activity.txt.zip   1.5 kB   (1,478 bytes)
• 2025-04-04-KongTuke-activity-for-possible-Async-RAT.pcap.zip   32.2 MB   (32,261,380 bytes)
• 2025-04-04-files-for-KongTuke-activity.zip   38.1 kB   (38,113 bytes)

 

Click here to return to the main page.