Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)

This report documents a SmartApeSG ClickFix campaign observed on 2026-05-27 where an initial unidentified RAT (non-HTTPS encoded traffic) contacted C2 89.110.110.119:443 and was used to deliver a NetSupport RAT package via a ZIP/CAB and supporting scripts; the report includes domains, IPs, SHA256 hashes, file locations, and persistence notes to support detection and mitigation.