Fake Software Update Abuses NetSupport Remote Access Tool | Mandiant
Common Information
Type Value
UUID b1a11a92-470e-45bf-9705-765fd372caf3
Fingerprint bc67910b61372f8f
Analysis status DONE
Considered CTI value 2
Text language
Published April 5, 2018, midnight
Added to db Nov. 9, 2023, 12:27 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Fake Software Update Abuses NetSupport Remote Access Tool
Title Fake Software Update Abuses NetSupport Remote Access Tool | Mandiant
Detected Hints/Tags/Attributes 54/3/47
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 15
wscript.network
Details File 22
update.js
Details File 376
wscript.exe
Details File 42
7za.exe
Details File 1
loglist.rtf
Details File 4
downloads.txt
Details File 67
get.php
Details File 27
client32.exe
Details File 196
desktop.ini
Details File 1
%appdata%\manifeststore\client32.exe
Details File 1
%appdata%\manifeststore\client32.ini
Details File 1
%appdata%\manifeststore\htctl32.dll
Details File 1
%appdata%\manifeststore\msvcr100.dll
Details File 1
%appdata%\manifeststore\nskbfltr.inf
Details File 1
%appdata%\manifeststore\nsm.ini
Details File 1
%appdata%\manifeststore\nsm_vpro.ini
Details File 1
%appdata%\manifeststore\pcicapi.dll
Details File 1
%appdata%\manifeststore\pcichek.dll
Details File 1
%appdata%\manifeststore\pcicl32.dll
Details File 1
%appdata%\manifeststore\remcmdstub.exe
Details File 1
%appdata%\manifeststore\tcctl32.dll
Details File 1
%appdata%\systemupdate\whitepaper.docx
Details File 1
%appdata%\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
Details Windows Registry Key 47
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 1
HKCU\Software\SeX\KEx