NetSupportRAT

NetSupportRAT NetSupport Manager abuse. Legitimate remote management tool used maliciously. CurrentVersion\Run persistence.

Threat Profile
Type RAT
Programming LanguageC++
C2 ProtocolTCP/HTTP
First Seen2017
Targets Kurumsal
Purpose / Capabilities
  • Remote Access
No C2 servers have been identified for this family yet.

Research Reports (5)

Medium

NetSupportRAT -- Rate_RATE_AGR_Jun29.exe Tarih Damgalı Anlaşma Lürü, CurrentVersion/Run Autorun, Connection Timeout Retry Meşru NetSupport Stringleri | Orta

NetSupportRAT 196KB Rate_RATE_AGR_Jun29.exe Jun29 tarih damgali rate agreement lurü. Software\Microsoft\Windows\CurrentVersion\Run autorun. Connection timeout after d ms retrying.

Read Report →
High

NetSupportRAT2 -- geo.netsupportsoftware.com Konum Servisi, EV_CONFIGSET Olay Protokolü, Ses Akışı PCICL32.DLL | Yüksek

NetSupportRAT2 2.2MB NS2H.zip PCICL32.DLL. geo.netsupportsoftware.com loca.asp konum servisi. EV_CONFIGSET olay protokol. Ses akisi ses izleme.

Read Report →
Medium

NetSupportRAT -- Rate_RATE_AGR_Jun29.exe Haziran 29 Tarihli Teklif Lure, Kodlanmış Config | Orta

NetSupportRAT 201KB Rate_RATE_AGR_Jun29.exe Haziran 29 teklif anlasma lure. IMCPBLGFEPGLGD uzun kodlanmis config string.

Read Report →
High

NetSupportRAT -- Rate_RATE_AGR_Jun29.exe Teslim Adlandırma, Meşru RMM Kötüye Kullanımı | Yüksek

NetSupportRAT 201KB Rate_RATE_AGR_Jun29.exe. Meşru NetSupport Manager RMM aracının tehdit aktörü kötüye kullanımı. TA569.

Read Report →
High

NetSupportRAT -- Rate_RATE_AGR_Jun29.exe 201KB, Windows System Settings Host Kamuflaj | Yüksek

NetSupportRAT 201KB. Windows System Settings Host XML kamuflaj. Registry persistence.

Read Report →