The diary entry by Brad Duncan discusses the SmartApeSG campaign's use of multiple Remote Access Trojans (RATs), specifically Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2). The timeline of the campaign indicates that post-infection activity began shortly after the execution of a ClickFix script on a compromised CAPTCHA page.
The entry includes detailed indicators of compromise, such as associated domains, IP addresses, and file hashes for malware packages, alongside examples of malicious files retrieved during the campaign. The author underscores the dynamic nature of the indicators associated with SmartApeSG, noting that they can change frequently.