#netsupport search results

1ZRR4H: This obfuscation was crazy 🤩 I found it in some .bat files used to infect with #NetSupport RAT in July (#HANEYMANEY/#ZPHP distribution), C2: 5.252.178.48.

Does anyone know what this type of obfuscation is called? 🧐

I shared the samples on Bazaar, for anyone who wants to dig…

James_inthe_box: #webshell #opendir #netsupport #rat at:

https://appointedtimeagriculture\.com/wp-includes/blocks/post-content/

GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA

anyrun_app: 🚨 #NetSupport RAT is a legit remote access app turned cyber weapon. Its activity spiked in 2025 with data theft attacks targeting healthcare, government, and SMBs in NA and EU.

👨‍💻 Read report and see analysis of a fresh sample: any.run/malware-trends…

1ZRR4H: Thanks for sharing!

#PureCrypter leads to #NetSupport RAT
- 1st stage from: /centredesoinsanj.test-sites.fr/wp-admin/images/css/hills/bo/Zbstsgyoyuo.bmp (+#opendir)
- 2nd stage from: /github.com/BotTradingg/loader/releases

NetSupport C2:
http://176.124.216.31/fakeurl.htm

JAMESWT_WT: #netsupport #rat
❇️Client32.ini
MD5
👉ef882a180b4d95e3694be055d60367f8
👉26924d58c0d5fadf5e5c96bdc7532ea5

Gateway👇
⛔️westford-systems.]icu:1203
⛔️cdn.westford-computing6.]net:1203

Sample👇
bazaar.abuse.ch/sample/d5348df…

Reference👇
malware-traffic-analysis.net/2025/08/20/ind…

cc @500mk500 @skocherhan

skocherhan: 5[.]181[.]157[.]34
AS39798 MivoCloud SRL 🇲🇩
#NetSupport @JAMESWT_WT

1ZRR4H: 🚩 #404TDS → #NetSupport RAT
(seen 10 days ago, link still active).

1.- https://accesstobenefits[.]com/cjb1z ↩️
2.- https://ziahasanexposed[.]com/temp/Update_Accounting_billing_details_dtd_0026032024_pdf.zip

NetSupport C2: 
dcnlaleanae8[.]com:3120
dcnlaleanae9[.]com:3120

+…

JAMESWT_WT: #NetSupport #Rat
Client32.ini
MD5 de6d8f6af4bf9087a4d2ab3c88e2cb14
👇
⛔️194.0.234.]17:443

Client32.ini
MD5 006a74830a4047fe9e1d5e574a2e6eba
👇
⛔️193.24.123.]37:443

Samples
bazaar.abuse.ch/browse/tag/194…
bazaar.abuse.ch/browse/tag/193…

cc @500mk500 @skocherhan @abuse_ch

solicydotnet: ❌ WARNING 🚨

Hackers have used a well-crafted #PokemonNFT card game website to distribute the #NetSupport remote access tool 💀

They can now remotely connect to a user's device to steal data, install other malware, etc 

#pokemonCards #Hacked #GamingNews #NFTs

1ZRR4H: Compromised site blawx[.]com downloads Javascript file BILL47189.js (bazaar.abuse.ch/sample/a95fe0e…) which eventually leads to #Netsupport RAT. "Exclusive Insights: Unveiling 2024's Lucrative Payouts!"

Next stages:
- https://blawx[.]com/letter.php?36393
-…

1ZRR4H: 🚩 "svcservice.exe": bazaar.abuse.ch/sample/0fdc3d4….

Next stages:
hxxp://andater393[.]net/see1.zip
hxxp://andater393[.]net/see2.zip
hxxp://andater393[.]net/see3.zip

#NetSupport RAT C2:
svanaten1[.]com:1061
svanaten2[.]com:1061

licensee=DERRJON34
serial_no=NSM186593

[+]…

doc_guard: 🚨 Malicious Javascript File Evaded Most of the AV Solutions #NetSupport🚨

📌 VT Detection: 3 / 58

📁 Filename: Update_browser_17.6436.js
🔐 MD5: 1c2732211585c64719d576f600937215
🕵️‍♂️ IOCs: phinetik[.]com

DOCGuard Report: app.docguard.io/878cd20bb0e499…

nettrke: 📣 Need to get in touch with NET? 🤝 We are here to help.

For any inquiries, questions, or assistance, you can contact us through the following channels. 

Our team is ready to assist you! Don't hesitate to reach out. 🔗 #ContactUs #NETSupport

smica83: 'BL3.ps1' looks like #NetSupport @abuse_ch
bazaar.abuse.ch/sample/446e471…  
193.143.1(.)216:443 (Proton66)

JAMESWT_WT: #netsupport #rat
Samples Collection updated /  tagged

Client32.ini (MD5)
619d70ce84063c8e7e0817cb68e00bad
176.124.203.76:443

Client32.ini (MD5)
a04a1940b7b97dc88f0d6aadab4cb095
basketballast.]com:443
blueprintsfdskjhfd.]com:443   
62.164.177.48:443

1/2

K_Cauchi: Wonderful to finally meet and chat with the fab @OliverSlt IRL! Great #NetSupportInsights episode to come all about #Leadership. @NetSupportGroup #NetSupport #SE51 @Bett_show #Bett23

NetSupportNSM: We're live at GITEX GLOBAL 2025 and ready to show you the power of secure remote control. 🚀
Stop by our stand for a live demo of NetSupport Manager and see how you can get fast, secure remote control over any device.
📍 Find the team at Stand H4A-20.

#NetSupport #GITEXGLOBAL

NetSupport_Corp: Come and see the NetSupport team for an exclusive demo of our latest solutions and score some awesome freebies! Stop by our stand to say hello! 👋

Learn more about the event: gitex.com

#NetSupport #GITEX #TechEvent #FutureTech #Freebies #GITEX2025 @GITEX_GLOBAL

NetSupport_Corp: '@GITEX_GLOBAL 2025 is coming! We're excited to be part of the world’s largest tech show to showcase our award-winning software solutions!

✅ Remote control
✅ITAM
✅Alerting and notification
✅Training and onboarding
✅Classroom management

#GITEXGLOBAL #NetSupport #TechNews

It's time to ditch the loyalty tax! Check out our modern, secure and feature-rich tools with flexible pricing and free training. buff.ly/rC6Onh9 #SoftwareSolutions #ITPros #NetSupport

NetSupport_de: It's time to abolish the loyalty tax! Discover our modern, secure and feature-rich tools with flexible pricing and free training. buff.ly/rC6Onh9

#SoftwareLösungen #ITProfis #NetSupport

JAMESWT_WT: #netsupport #rat

client32.ini
MD5 15d827801ccc1c544cbcd6ddf737d19f

stenslie.]com:3085
itnblog.]com:3085

MD5 daa0f1d6b1856657445c4d0261db38fd
45.88.104.]5:443

MD5 a7ac424709447b46683d018ba7dac685
95.179.154.]161:443

1/2

cc @500mk500

JAMESWT_WT: So #netsupport #rat
Client32.ini 2025-09-19
MD5
9b408f3004b6e26f2d53a987a701c3b0
👇
Gateway
141.98.11.]224:5555
nsgatetest1.]digital:5555 

From
f003.backblazeb2.]com/file/tempfilestorage/adaptive.msi

Samples Collection
bazaar.abuse.ch/browse/tag/nsg…

🤟 @SquiblydooBlog 
cc @500mk500

SquiblydooBlog: "FUD" from VirusTotal.
Signed, 112 MB file.

Let's analyze.

File is SingleFile .NET; I see this with Malcat: 
Debug and Exports indicate it is SingleFile (green arrows in image)

Also, Malcat carved 270 PE out of the overlay (blue arrow), indicative of SingleFile .NET
1/8

NetSupportNSM: Everything you need to know about NetSupport Manager, all in one place. 👉 Watch our videos to see how you can securely manage devices from anywhere. buff.ly/HuKXX6d

#NetSupport #RemoteDesktop #ITPro

#APT #UAC0050 #NetSupport #RAT C2: 178.16.54./125 178.16.54./134 178.16.54./139

🚨 UAC-0050 is spreading NetSupport Manager in a new campaign. C2 servers: hxxp://178.16.54[.]130/fakeurl.htm hxxp://178.16.54[.]131/fakeurl.htm hxxp://178.16.54[.]132/fakeurl.htm



JAMESWT_WT: #netsupport #rat👇
Client32.ini
MD5 1bbaaefeaa6cc19451eb65ebb88a69b3

141.98.11.]175:443
lastmychancetoss.]com:443
kaldotrototo.]com:443

Samples👇
bazaar.abuse.ch/browse/tag/141…

cc @500mk500 @skocherhan

Every school needs a proactive way to protect students. classroom.cloud gives educators the insights they need to keep kids safe. buff.ly/hbgO4DP #SchoolSafety #CyberSecurity #NetSupport


NetSupportICorp: No bots, just people. 🗣️ When you contact us, you'll always get a real person ready to help. That's the NetSupport difference. buff.ly/YteoHAo
#NetSupport #CustomerService #ITSupport

skocherhan: vietnam24hvoyage[.]com

C2: 185[.]163[.]45[.]41
AS39798 MivoCloud SRL 🇲🇩
#NetSupport @JAMESWT_WT

Kostastsale: Interesting #FakeSG execution from an HTA payload that leads to #NetSupport. Find my SIGMA rule for detecting this cool cmstp.exe execution technique below:

➡️Lots of initial PowerShell obfuscated scripts
➡️Using cmstp.exe to install a fake connection manager service profile…

skocherhan: 144[.]172[.]104[.]121
AS14956 ROUTERHOSTING 🇺🇸
#NetSupport

g0njxa: A brief example analysis of the malware spread over SEO Poisoning, delivering #Lumma Stealer and #NetSupport targeting hard crypto wallets

Thread👇👇

g0njxa: #ClickFix campaign targeting web3 users on YouTube sponsored videos spreading #Netsupport RAT

Malicious paste: /pastesnip.com/raw/sNu60aPq
Video: //www.youtube.com/watch?v=Qabajxy0OKY

Detonation: app.any.run/tasks/f993b425…

tliffick: #NetSupport -- .zip > .js > .ps1

MD5:
.zip == 6e7e921e662b0ec81c8f8d9455b4e328
.js  == d82377d68d4173606ac169b237cbbc3b
C2:
hxxps://pipecoasia[.]com/f1.ps1
hxxp://193.233.233[.]92/index.php
#NetSupportManager #malware
