ioc[.]one - OSINT Cyber Threat Intelligence Database

NetSupport RAT and RMS in malicious emails

Tags

country:

attack-pattern:

Data Audio Capture - T1429 Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Javascript - T1059.007 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Audio Capture - T1123 Dll Side-Loading - T1073 Powershell - T1086 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	ad466036-de47-4429-b69f-d3c4345a8bac
Fingerprint	94e1a82b2d25a2ca
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 2, 2024, 10 a.m.
Added to db	Dec. 2, 2024, 1:41 p.m.
Last updated	Dec. 17, 2024, 12:43 p.m.
Headline	Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Title	NetSupport RAT and RMS in malicious emails
Detected Hints/Tags/Attributes	80/2/102

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	223	✔	Securelist	https://securelist.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	4	www.linkpicture.com
Details	Domain	5	golden-scalen.com
Details	Domain	7	xoomep1.com
Details	Domain	8	xoomep2.com
Details	Domain	6	labudanka1.com
Details	Domain	7	labudanka2.com
Details	Domain	5	gribidi1.com
Details	Domain	7	gribidi2.com
Details	Domain	7	shetrn1.com
Details	Domain	8	shetrn2.com
Details	File	2	арт-кп0005272381.js
Details	File	1	art-kp0005272381.js
Details	File	2	отэк-мн0008522309.js
Details	File	1	otek-mn0008522309.js
Details	File	3	1_1657.png
Details	File	4	bat_install.bat
Details	File	3	audiocapture.dll
Details	File	30	client32.exe
Details	File	13	client32.ini
Details	File	7	htctl32.dll
Details	File	44	msvcr100.dll
Details	File	7	nskbfltr.inf
Details	File	5	nsm_vpro.ini
Details	File	7	pcicapi.dll
Details	File	7	pcichek.dll
Details	File	7	pcicl32.dll
Details	File	7	remcmdstub.exe
Details	File	7	tcctl32.dll
Details	File	2	%appdata%\vcruntinesync\client32.exe
Details	File	37	next.js
Details	File	47	www.php
Details	File	2	zayavka.txt
Details	File	2	installer_bat_vbs.bat
Details	File	2	bld.bat
Details	File	2	года.js
Details	File	1	2023.js
Details	File	5	bld.exe
Details	File	21	1.js
Details	File	1	silverlight.7z
Details	File	36	libeay32.dll
Details	File	23	msimg32.dll
Details	File	13	settings.dat
Details	File	7	silverlight.config
Details	File	7	uration.exe
Details	File	27	ssleay32.dll
Details	File	2	w32.dat
Details	File	2	w64.dat
Details	File	10	wudfhost.exe
Details	File	1152	svchost.exe
Details	File	5	3.js
Details	File	4	666.bat
Details	File	4	ngg_cl.zip
Details	File	3	backbone.js
Details	File	4	installet_bat_vbs.bat
Details	md5	6	327a1f32572b4606ae19085769042e51
Details	md5	6	b3bde532cfbb95c567c069ca5f90652c
Details	md5	6	5f4284115ab9641f1532bb64b650aad6
Details	md5	6	20014b80a139ed256621b9c0ac4d7076
Details	md5	6	63647520b36144e31fb8ad7dd10e3d21
Details	md5	6	edfb8d26fa34436f2e92d5be1cb5901b
Details	md5	6	67677c815070ca2e3ebd57a6adb58d2e
Details	md5	6	34eb579dc89e1dc0507ad646a8dce8be
Details	md5	6	29362dcdb6c57dde0c112e25c9706dcf
Details	md5	6	882f2de65605dd90ee17fb65a01fe2c7
Details	md5	6	0fea857a35b972899e8f1f60ee58e450
Details	md5	5	7f0ee078c8902f12d6d9e300dabf6aed
Details	md5	6	8096e00aa7877b863ef5a437f55c8277
Details	md5	6	12ab1bc0989b32c55743df9b8c46af5a
Details	md5	5	50dc5faa02227c0aefa8b54c8e5b2b0d
Details	md5	6	e760a5ce807c756451072376f88760d7
Details	md5	6	b03c67239e1e774077995bac331a8950
Details	md5	6	ba69cc9f087411995c64ca0d96da7b69
Details	md5	6	051552b4da740a3af5bd5643b1dc239a
Details	md5	6	3e86f6fc7ed037f3c9560cc59aa7aacc
Details	md5	6	ae4d6812f5638d95a82b3fa3d4f92861
Details	md5	6	17a78f50e32679f228c43823faabedfd
Details	md5	6	b9956282a0fed076ed083892e498ac69
Details	md5	7	1b41e64c60ca9dfadeb063cd822ab089
Details	IPv4	5	188.227.58.243
Details	IPv4	5	188.227.106.124
Details	IPv4	5	193.42.32.138
Details	IPv4	5	45.133.16.135
Details	IPv4	5	87.251.67.51
Details	IPv4	5	31.44.4.40
Details	Url	4	https://www.linkpicture.com/q/1_1657.png
Details	Url	5	https://golden-scalen.com/files
Details	Url	5	http://188.227.58.243/pretencia/www.php
Details	Url	2	https://golden-scalen.com/files/.
Details	Url	5	http://188.227.106.124/test/js/www.php
Details	Url	2	http://193.42.32.138/api/.
Details	Url	5	http://45.133.16.135/zayavka/www.php
Details	Url	5	http://45.133.16.135/zayavka/666.bat
Details	Url	5	http://45.133.16.135/zayavka/1.yay
Details	Url	5	http://golden-scalen.com/ngg_cl.zip
Details	Url	5	http://193.42.32.138/api
Details	Url	5	http://87.251.67.51/api
Details	Url	5	http://31.44.4.40/test/bat_install.bat
Details	Url	5	http://188.227.58.243/zayavka/www.php
Details	Url	5	http://188.227.58.243/pretencia/installet_bat_vbs.bat
Details	Url	5	http://188.227.106.124/test/js/bld.exe
Details	Url	5	http://188.227.106.124/test/js/1.js
Details	Windows Registry Key	118	HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run