NetSupport RAT IOCs - Part 3

NetSupport RAT основан на NetSupport Manager, легитимном инструменте, который часто используется злоумышленниками в злонамеренных целях способами, аналогичными TeamViewer. NetSupport Manager, используемый злонамеренно или иным образом, обеспечивает полный и всесторонний контроль над целевым устройством.

Indicators of Compromise

Domains

• applycode.com
• averacompany.com
• bizziecleaning.com
• clickermedia.org
• environmentwi.com
• everythinghr.com
• fossiil.com
• givebackwhereyoulive.com
• globalbeitmidrash.net
• nhseprocurement.info
• panaka.net
• picasso-security.com
• podmusicsupply.com
• renew.com.pe
• setthebiblefree.org
• smartcityc2.com
• streamlinx3.com
• tyndallfcu.org
• x-tremefireworks.net

URLs

• http://195.201.237.50/fakeurl.htm
• http://eduvu.top/rt.php?i=
• http://geo.netsupportsoftware.com/location/loca.asp
• http://ipinfo.io/ip
• https://applycode.com/vfa2t
• https://averacompany.com/agi8w
• https://averacompany.com/pkq6y
• https://averacompany.com/xwd9k
• https://bizziecleaning.com/vkn0u
• https://cardiovascularguyersguide.com/uef5l
• https://clickermedia.org/oau8r
• https://digimania.com/pcs2f
• https://earthdaygeorgia.org/ezs0e
• https://environmentwi.com/cav1b
• https://environmentwi.com/fel7y
• https://everythinghr.com/1/
• https://everythinghr.com/x/
• https://fossiil.com/mpe3y
• https://givebackwhereyoulive.com/zgc6j
• https://globalbeitmidrash.net/qvc8w
• https://hotvouchers.com/ugx2p
• https://nhseprocurement.info/vko3z
• https://nhseprocurement.info/yum6h
• https://panaka.net/11/
• https://panaka.net/x1
• https://panaka.net/xc/
• https://picasso-security.com/gym9k
• https://pinnacle-vegas.com/dcc0b
• https://podmusicsupply.com/dag5v
• https://podmusicsupply.com/yua8l
• https://podmusicsupply.com/ztt1b
• https://renew.com.pe/1
• https://renew.com.pe/x2
• https://setthebiblefree.org/dyg1i
• https://setthebiblefree.org/ftj9o
• https://smartcityc2.com/nal5e
• https://streamlinx3.com/sjw4g
• https://tyndallfcu.org/yio7t
• https://x-tremefireworks.net/saq9a
• https://x-tremefireworks.net/why2f

Emails

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

MD5

• 118bce2c3a77094b934e614dab5bb811
• 1f1f1467ca24fadd7c7f531d2227064e
• 2e4fcc677f22c281d8030c8528a17dd5
• 325b65f171513086438952a152a747c4
• 3b10a6e4dc974650be867ec93ea4d90f
• 4eb6564e0a2684495e17624abba91ad3
• 6581d2de93d303a5c199053205a55bcd
• 8454a55f9b610163882bdbbb6ca0bcf7
• 981c2d384257e55240bef6db4df90649
• 9a2d7546f215ac3e4d60aef0a0fc4981
• c0eb3eac96511077dafc0afa64c6388c
• d6f0ee5c833c7c50f9d1097cefc0ed68
• e1d8d6ff4a1783228f4377d9da4ba972
• edba6f8e4d39de6bc7b9ad6b89bb642b