English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#netsupportrat search results

skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 28

194[.]180[.]158[.]202 194[.]180[.]158[.]203 194[.]180[.]158[.]204 194[.]180[.]158[.]205 #NetSupportRat @JAMESWT_WT @Huntio @500mk500

skocherhan's tweet image. 194[.]180[.]158[.]202 194[.]180[.]158[.]203 194[.]180[.]158[.]204 194[.]180[.]158[.]205 #NetSupportRat @JAMESWT_WT @Huntio @500mk500
0
2
8
0
1K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jul 11

#NetSupportRat #C2 5[.]181[.]159[.]204 94[.]158[.]244[.]161 AS39798 MivoCloud SRL 🇺🇸 @Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud

skocherhan's tweet image. #NetSupportRat #C2 5[.]181[.]159[.]204 94[.]158[.]244[.]161 AS39798 MivoCloud SRL 🇺🇸 @Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud
skocherhan's tweet image. #NetSupportRat #C2 5[.]181[.]159[.]204 94[.]158[.]244[.]161 AS39798 MivoCloud SRL 🇺🇸 @Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud
0
3
5
1
380
RussianPanda9xx's profile picture. Меня ищет МВД 🚔 | Threat Hunter @HuntressLabs | Researcher @ https://t.co/QNvr2yUuJM | Malware Addict | Volunteer @TheDFIRReport
RussianPanda 🐼 🇺🇦
@RussianPanda9xx
Jun 22, 2023

I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…

RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
7
54
156
34
44K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 27

exemplar-industry[.]com C2: 185[.]163[.]45[.]30 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRAT

skocherhan's tweet image. exemplar-industry[.]com C2: 185[.]163[.]45[.]30 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRAT
0
0
1
0
101
RussianPanda9xx's profile picture. Меня ищет МВД 🚔 | Threat Hunter @HuntressLabs | Researcher @ https://t.co/QNvr2yUuJM | Malware Addict | Volunteer @TheDFIRReport
RussianPanda 🐼 🇺🇦
@RussianPanda9xx
Jan 27, 2023

1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀

RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
1
40
115
17
16K
BroadAnalysis's profile picture.
Broad Analysis
 @BroadAnalysis
Jan 11, 2023

#socgholish #NetSupportRat SocGholish Stage1 - taxes.rpacx[.]com SocGholish Stage2 - hjgk67kg[.]xyz SocGholish Stage3 - *.asset.tradingvein[.]xyz NetSupportRat C2 - 52226asdiobioboioie[.]com (IP 94.158.244.38)

BroadAnalysis's tweet image. #socgholish #NetSupportRat SocGholish Stage1 - taxes.rpacx[.]com SocGholish Stage2 - hjgk67kg[.]xyz SocGholish Stage3 - *.asset.tradingvein[.]xyz NetSupportRat C2 - 52226asdiobioboioie[.]com (IP 94.158.244.38)
BroadAnalysis's tweet image. #socgholish #NetSupportRat SocGholish Stage1 - taxes.rpacx[.]com SocGholish Stage2 - hjgk67kg[.]xyz SocGholish Stage3 - *.asset.tradingvein[.]xyz NetSupportRat C2 - 52226asdiobioboioie[.]com (IP 94.158.244.38)
1
8
20
1
4K
RussianPanda9xx's profile picture. Меня ищет МВД 🚔 | Threat Hunter @HuntressLabs | Researcher @ https://t.co/QNvr2yUuJM | Malware Addict | Volunteer @TheDFIRReport
RussianPanda 🐼 🇺🇦
@RussianPanda9xx
Feb 9, 2023

1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat

RussianPanda9xx's tweet image. 1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat
RussianPanda9xx's tweet image. 1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat
RussianPanda9xx's tweet image. 1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat
5
18
63
13
22K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jul 11

eikowrftkoweokfweo[.]xyz hiwefihwefhijwefjiqwerf[.]top 5[.]252[.]155[.]14 AS215826 Partner Hosting LTD 🇵🇦 #NetSupportRat

skocherhan's tweet image. eikowrftkoweokfweo[.]xyz hiwefihwefhijwefjiqwerf[.]top 5[.]252[.]155[.]14 AS215826 Partner Hosting LTD 🇵🇦 #NetSupportRat
skocherhan's tweet image. eikowrftkoweokfweo[.]xyz hiwefihwefhijwefjiqwerf[.]top 5[.]252[.]155[.]14 AS215826 Partner Hosting LTD 🇵🇦 #NetSupportRat
0
0
2
0
133
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
Mar 27, 2024

2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan

Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
1
42
108
21
20K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Nov 22

restinoset[.]com badylex[.]com fetrhinospa[.]com nebodune[.]com menuderg[.]com perropa[.]com 88[.]218[.]64[.]49/fakeurl[.]htm AS209309 Oniks LLC 🇷🇺 #NetSupportRAT

skocherhan's tweet image. restinoset[.]com badylex[.]com fetrhinospa[.]com nebodune[.]com menuderg[.]com perropa[.]com 88[.]218[.]64[.]49/fakeurl[.]htm AS209309 Oniks LLC 🇷🇺 #NetSupportRAT
malwrhunterteam's profile picture. Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
MalwareHunterTeam
@malwrhunterteam
Nov 21

Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️

malwrhunterteam's tweet image. Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️
malwrhunterteam's tweet image. Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️
malwrhunterteam's tweet image. Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️
1
4
11
3
3K
0
0
3
0
207
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
May 30

77[.]83[.]207[.]89 AS216341 OPTIMA LLC 🇭🇰 godblessyou[.]world blessyoumother[.]world wheremylifestreet[.]cloud clientforbigbug[.]cloud sunriseopen[.]com #NetSupportRAT @anyrun_app @abuse_ch

skocherhan's tweet image. 77[.]83[.]207[.]89 AS216341 OPTIMA LLC 🇭🇰 godblessyou[.]world blessyoumother[.]world wheremylifestreet[.]cloud clientforbigbug[.]cloud sunriseopen[.]com #NetSupportRAT @anyrun_app @abuse_ch
4
3
10
2
2K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 28

6e0b689a38618e72830f68c8f608019d michellegraci[.]com/hatz[.]zip C2: 94[.]158[.]245[.]174 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRat @Huntio @JAMESWT_WT @500mk500

skocherhan's tweet image. 6e0b689a38618e72830f68c8f608019d michellegraci[.]com/hatz[.]zip C2: 94[.]158[.]245[.]174 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRat @Huntio @JAMESWT_WT @500mk500
0
1
2
2
1K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 28

495ed385329324b54a62ae90da06654e blog[.]tequide[.]com/lifeisgood[.]zip C2: 77[.]238[.]246[.]170 AS216071 Servers Tech Fzco 🇳🇱 #NetSupportRat #c2 @JAMESWT_WT @500mk500

skocherhan's tweet image. 495ed385329324b54a62ae90da06654e blog[.]tequide[.]com/lifeisgood[.]zip C2: 77[.]238[.]246[.]170 AS216071 Servers Tech Fzco 🇳🇱 #NetSupportRat #c2 @JAMESWT_WT @500mk500
1
2
1
1
835
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
Feb 19

2025-02-18 (Tuesday): Legitimate but compromised websites with an injected script for #SmartApeSG lead to a fake browser update page that distributes #NetSupportRAT malware. During an infection run, we saw follow-up malware for #StealC. More info at bit.ly/4gKGCBr

Unit42_Intel's tweet image. 2025-02-18 (Tuesday): Legitimate but compromised websites with an injected script for #SmartApeSG lead to a fake browser update page that distributes #NetSupportRAT malware. During an infection run, we saw follow-up malware for #StealC. More info at bit.ly/4gKGCBr
Unit42_Intel's tweet image. 2025-02-18 (Tuesday): Legitimate but compromised websites with an injected script for #SmartApeSG lead to a fake browser update page that distributes #NetSupportRAT malware. During an infection run, we saw follow-up malware for #StealC. More info at bit.ly/4gKGCBr
Unit42_Intel's tweet image. 2025-02-18 (Tuesday): Legitimate but compromised websites with an injected script for #SmartApeSG lead to a fake browser update page that distributes #NetSupportRAT malware. During an infection run, we saw follow-up malware for #StealC. More info at bit.ly/4gKGCBr
Unit42_Intel's tweet image. 2025-02-18 (Tuesday): Legitimate but compromised websites with an injected script for #SmartApeSG lead to a fake browser update page that distributes #NetSupportRAT malware. During an infection run, we saw follow-up malware for #StealC. More info at bit.ly/4gKGCBr
0
44
115
35
13K
threatquery's profile picture. Trust in ThreatQuery fear no threats.
ThreatQuery
 @threatquery
Sep 19

🚨 New C2 Detected! 🔗 45[.]88[.]104[.]5 ℹ️ ASN: AS204601 ℹ️ ASN Organization: Zomro B.V. 📍 Country: NL 📍 City: Soest 📅 2025-09-19T17:40:03 ℹ️ Type: #cnc - #c2 ℹ️ Family: #NetSupportRAT #ThreatIntelligence #IoCs #Malware

0
0
0
0
350
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Nov 17

EVALUSION campaign uses ClickFix social engineering to deliver Amatera Stealer and NetSupport RAT via sophisticated phishing tactics, leveraging Windows Run dialog and PowerShell for payload delivery. #AmateraStealer #NetSupportRAT #EVALUSION ift.tt/Byqg8Y5

TweetThreatNews's tweet card. Cybersecurity researchers have uncovered malware campaigns using ClickFix social engineering tactics to deploy Amatera Stealer and NetSupport RAT, tracked under the name EVALUSION. These campaigns...
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Source: hendryadrian.com
0
0
1
0
78
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 24

NetSupportRAT C2s Stats New C2s Found: 1 Current C2s Live: 48 #NetSupportRAT #c2

0
0
0
0
86
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 23

NetSupportRAT C2s Stats New C2s Found: 2 Current C2s Live: 45 #NetSupportRAT #c2

0
0
0
0
131
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Nov 22

restinoset[.]com badylex[.]com fetrhinospa[.]com nebodune[.]com menuderg[.]com perropa[.]com 88[.]218[.]64[.]49/fakeurl[.]htm AS209309 Oniks LLC 🇷🇺 #NetSupportRAT

skocherhan's tweet image. restinoset[.]com badylex[.]com fetrhinospa[.]com nebodune[.]com menuderg[.]com perropa[.]com 88[.]218[.]64[.]49/fakeurl[.]htm AS209309 Oniks LLC 🇷🇺 #NetSupportRAT
malwrhunterteam's profile picture. Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
MalwareHunterTeam
@malwrhunterteam
Nov 21

Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️

malwrhunterteam's tweet image. Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️
malwrhunterteam's tweet image. Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️
malwrhunterteam's tweet image. Another "approve" related FUD on VT sample: 46ccbfc563eb008029e907807597295b6b4f813eeeebb078e31ff17839154a46 From: https://approveis[.]info/bVfrH7.png 82.118.16[.]207 - seen already, but still only 1 detection on VT... 🤷‍♂️
1
4
11
3
3K
0
0
3
0
207
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 20

NetSupportRAT C2s Stats New C2s Found: 1 Current C2s Live: 47 #NetSupportRAT #c2

0
0
1
0
115
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 19

NetSupportRAT C2s Stats New C2s Found: 2 Current C2s Live: 48 #NetSupportRAT #c2

0
0
0
0
108
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 18

NetSupportRAT C2s Stats New C2s Found: 2 Current C2s Live: 44 #NetSupportRAT #c2

0
0
0
0
120
01ra66it's profile picture. Cybersecurity hobbyist. Speaker at Black Hat Asia, BSides Tokyo, BSides LV, Black Hat USA. Next: SecTor. CISSP/SSCP/CSAP.
Mr.Rabbit
 @01ra66it
Nov 18

新たなClickFix攻撃キャンペーン「EVALUSION」が判明。偽CAPTCHA誘導でユーザにコマンド貼付・実行させ、Amatera StealerとNetSupport RATを配布。クリップボード&クラウド経由手口。ユーザ教育と実行制御強化必須。#ClickFix #Amatera #NetSupportRAT thehackernews.com/2025/11/new-ev…

01ra66it's tweet card. ClickFix attacks deploy Amatera Stealer and NetSupport RAT through multi-stage phishing tactics across several campaigns.
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Source: thehackernews.com
0
0
4
0
458
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 18

NetSupportRAT C2s Stats New C2s Found: 1 Current C2s Live: 42 #NetSupportRAT #c2

0
0
0
0
136
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Nov 17

EVALUSION campaign uses ClickFix social engineering to deliver Amatera Stealer and NetSupport RAT via sophisticated phishing tactics, leveraging Windows Run dialog and PowerShell for payload delivery. #AmateraStealer #NetSupportRAT #EVALUSION ift.tt/Byqg8Y5

TweetThreatNews's tweet card. Cybersecurity researchers have uncovered malware campaigns using ClickFix social engineering tactics to deploy Amatera Stealer and NetSupport RAT, tracked under the name EVALUSION. These campaigns...
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Source: hendryadrian.com
0
0
1
0
78
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 17

NetSupportRAT C2s Stats New C2s Found: 1 Current C2s Live: 44 #NetSupportRAT #c2

0
0
0
0
179
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 16

NetSupportRAT C2s Stats New C2s Found: 1 Current C2s Live: 45 #NetSupportRAT #c2

0
0
1
0
185
TweetThreatNews's profile picture. 🔍 ThreatResearch 📰 CybersecurityNews 🖥️ RansomMonitor 📂 Cyber Attack 📂 Data Breach 🎥 Youtube
Cybersecurity News Everyday
 @TweetThreatNews
Nov 14

EVALUSION campaign uses ClickFix to deploy Amatera Stealer (rebranded AcridRain) and NetSupport RAT, targeting crypto wallets with advanced evasion like AMSI bypass. Detection and mitigation strategies advised. #AmateraStealer #NetSupportRAT ift.tt/IvoCeNE

TweetThreatNews's tweet card. eSentire's TRU discovered campaigns using ClickFix for initial access to deploy Amatera Stealer (a rebranded ACR/AcridRain) and NetSupport RAT, with Amatera leveraging advanced evasion (WoW64...
EVALUSION Campaign Delivers Amatera Stealer and NetSupport RAT
Source: hendryadrian.com
0
0
0
0
101
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 14

(Unverified) NetSupportRAT Found C2: 94[.]237[.]97[.]16:27264 Country: Germany (AS202053) ASN: UPCLOUD #c2 #NetSupportRAT #unverified

0
0
0
0
149
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 14

(Unverified) NetSupportRAT Found C2: 84[.]154[.]188[.]167:81 Country: Germany (AS3320) ASN: DTAG Internet servic... #c2 #NetSupportRAT #unverified

0
0
0
0
122
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 12

(Unverified) NetSupportRAT Found C2: 102[.]96[.]170[.]51:443 Country: Morocco (AS36925) ASN: ASMedi #c2 #NetSupportRAT #unverified

0
0
0
0
140
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 11

(Unverified) NetSupportRAT Found C2: 102[.]96[.]188[.]139:443 Country: Morocco (AS36925) ASN: ASMedi #c2 #NetSupportRAT #unverified

0
0
0
0
143
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 11

(Unverified) NetSupportRAT Found C2: 105[.]159[.]154[.]195:443 Country: Morocco (AS36903) ASN: MT-MPLS #c2 #NetSupportRAT #unverified

0
0
0
1
142
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 10

(Unverified) NetSupportRAT Found C2: 93[.]198[.]181[.]8:81 Country: Germany (AS3320) ASN: DTAG Internet servic... #c2 #NetSupportRAT #unverified

0
0
0
0
153
drb_ra's profile picture. Mostly here for posting C2s. Thank you to @censysio for the raw data. Censys Search 2.0 extended our results massively.
C2IntelFeedsBot
 @drb_ra
Nov 10

(Unverified) NetSupportRAT Found C2: 15[.]185[.]200[.]153:38165 Country: Bahrain (AS16509) ASN: AMAZON-02 #c2 #NetSupportRAT #unverified

0
0
0
1
152
No results for "#netsupportrat"
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
Mar 27, 2024

2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan

Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
Unit42_Intel's tweet image. 2024-03-27 (Wednesday): With the recent rise in malicious Google ads impersonating legitimate software, today we found one leading to a fake Cisco AnyConnect page pushing #NetSupportRAT. Indicators available at bit.ly/49mdPzG #Unit42ThreatIntel #RemoteAccessTrojan
1
42
108
21
20K
Iamdeadlyz's profile picture. ☣ Sharing security alerts
iamdeadlyz
 @Iamdeadlyz
Feb 16, 2023

4/ #NetSupportRAT www.dropbox[.]com/s/esdksc1v6akq2t5/PokemonLauncher.exe?dl=1 Uploaded by: R00TL1nK Production 6db5e6ade4347435c861220ec517e39e C&C: arponet.duckdns[.]org:9999 -> 89.107.10[.]44/fakeurl.htm Related finding by @ASEC_Analysis asec.ahnlab.com/en/45312/

Iamdeadlyz's tweet image. 4/ #NetSupportRAT www.dropbox[.]com/s/esdksc1v6akq2t5/PokemonLauncher.exe?dl=1 Uploaded by: R00TL1nK Production 6db5e6ade4347435c861220ec517e39e C&C: arponet.duckdns[.]org:9999 -> 89.107.10[.]44/fakeurl.htm Related finding by @ASEC_Analysis asec.ahnlab.com/en/45312/
Iamdeadlyz's tweet image. 4/ #NetSupportRAT www.dropbox[.]com/s/esdksc1v6akq2t5/PokemonLauncher.exe?dl=1 Uploaded by: R00TL1nK Production 6db5e6ade4347435c861220ec517e39e C&C: arponet.duckdns[.]org:9999 -> 89.107.10[.]44/fakeurl.htm Related finding by @ASEC_Analysis asec.ahnlab.com/en/45312/
1
2
12
0
2K
RussianPanda9xx's profile picture. Меня ищет МВД 🚔 | Threat Hunter @HuntressLabs | Researcher @ https://t.co/QNvr2yUuJM | Malware Addict | Volunteer @TheDFIRReport
RussianPanda 🐼 🇺🇦
@RussianPanda9xx
Jun 22, 2023

I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…

RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
RussianPanda9xx's tweet image. I am naming this #RogueRaticate campaign that leverages URL shortcuts to drop #NetSupportRAT 🐀 1/ ➡️ The user is getting infected via a drive-by download with the fake update screen (similar to SocGholish behavior). The initial payload is hosted on compromised WordPress…
7
54
156
34
44K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 28

194[.]180[.]158[.]202 194[.]180[.]158[.]203 194[.]180[.]158[.]204 194[.]180[.]158[.]205 #NetSupportRat @JAMESWT_WT @Huntio @500mk500

skocherhan's tweet image. 194[.]180[.]158[.]202 194[.]180[.]158[.]203 194[.]180[.]158[.]204 194[.]180[.]158[.]205 #NetSupportRat @JAMESWT_WT @Huntio @500mk500
0
2
8
0
1K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jul 11

#NetSupportRat #C2 5[.]181[.]159[.]204 94[.]158[.]244[.]161 AS39798 MivoCloud SRL 🇺🇸 @Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud

skocherhan's tweet image. #NetSupportRat #C2 5[.]181[.]159[.]204 94[.]158[.]244[.]161 AS39798 MivoCloud SRL 🇺🇸 @Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud
skocherhan's tweet image. #NetSupportRat #C2 5[.]181[.]159[.]204 94[.]158[.]244[.]161 AS39798 MivoCloud SRL 🇺🇸 @Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud
0
3
5
1
380
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 27

exemplar-industry[.]com C2: 185[.]163[.]45[.]30 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRAT

skocherhan's tweet image. exemplar-industry[.]com C2: 185[.]163[.]45[.]30 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRAT
0
0
1
0
101
RussianPanda9xx's profile picture. Меня ищет МВД 🚔 | Threat Hunter @HuntressLabs | Researcher @ https://t.co/QNvr2yUuJM | Malware Addict | Volunteer @TheDFIRReport
RussianPanda 🐼 🇺🇦
@RussianPanda9xx
Jan 27, 2023

1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀

RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
RussianPanda9xx's tweet image. 1/ #socgholish deploying #NetSupportRAT at the first stage. The threat actor(s) deployed a PowerShell script via the NetSupport session after 2 days. Thanks @dr4k0nia for a reversing session, she found the next stage to be #asyncrat 🐀
1
40
115
17
16K
RussianPanda9xx's profile picture. Меня ищет МВД 🚔 | Threat Hunter @HuntressLabs | Researcher @ https://t.co/QNvr2yUuJM | Malware Addict | Volunteer @TheDFIRReport
RussianPanda 🐼 🇺🇦
@RussianPanda9xx
Feb 9, 2023

1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat

RussianPanda9xx's tweet image. 1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat
RussianPanda9xx's tweet image. 1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat
RussianPanda9xx's tweet image. 1/ #socgholish is this you? 👻 ➡️UpdateInstaller.zip > Update.js ➡️Retrieves #NetSupportRAT 🐀 and batch scripts from C2 🖥️C2 IP: 188.127.231[.]11 @esthreat
5
18
63
13
22K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jul 11

eikowrftkoweokfweo[.]xyz hiwefihwefhijwefjiqwerf[.]top 5[.]252[.]155[.]14 AS215826 Partner Hosting LTD 🇵🇦 #NetSupportRat

skocherhan's tweet image. eikowrftkoweokfweo[.]xyz hiwefihwefhijwefjiqwerf[.]top 5[.]252[.]155[.]14 AS215826 Partner Hosting LTD 🇵🇦 #NetSupportRat
skocherhan's tweet image. eikowrftkoweokfweo[.]xyz hiwefihwefhijwefjiqwerf[.]top 5[.]252[.]155[.]14 AS215826 Partner Hosting LTD 🇵🇦 #NetSupportRat
0
0
2
0
133
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 28

6e0b689a38618e72830f68c8f608019d michellegraci[.]com/hatz[.]zip C2: 94[.]158[.]245[.]174 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRat @Huntio @JAMESWT_WT @500mk500

skocherhan's tweet image. 6e0b689a38618e72830f68c8f608019d michellegraci[.]com/hatz[.]zip C2: 94[.]158[.]245[.]174 AS39798 MivoCloud SRL 🇲🇩 #NetSupportRat @Huntio @JAMESWT_WT @500mk500
0
1
2
2
1K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jun 28

495ed385329324b54a62ae90da06654e blog[.]tequide[.]com/lifeisgood[.]zip C2: 77[.]238[.]246[.]170 AS216071 Servers Tech Fzco 🇳🇱 #NetSupportRat #c2 @JAMESWT_WT @500mk500

skocherhan's tweet image. 495ed385329324b54a62ae90da06654e blog[.]tequide[.]com/lifeisgood[.]zip C2: 77[.]238[.]246[.]170 AS216071 Servers Tech Fzco 🇳🇱 #NetSupportRat #c2 @JAMESWT_WT @500mk500
1
2
1
1
835
BroadAnalysis's profile picture.
Broad Analysis
 @BroadAnalysis
Jan 11, 2023

#socgholish #NetSupportRat SocGholish Stage1 - taxes.rpacx[.]com SocGholish Stage2 - hjgk67kg[.]xyz SocGholish Stage3 - *.asset.tradingvein[.]xyz NetSupportRat C2 - 52226asdiobioboioie[.]com (IP 94.158.244.38)

BroadAnalysis's tweet image. #socgholish #NetSupportRat SocGholish Stage1 - taxes.rpacx[.]com SocGholish Stage2 - hjgk67kg[.]xyz SocGholish Stage3 - *.asset.tradingvein[.]xyz NetSupportRat C2 - 52226asdiobioboioie[.]com (IP 94.158.244.38)
BroadAnalysis's tweet image. #socgholish #NetSupportRat SocGholish Stage1 - taxes.rpacx[.]com SocGholish Stage2 - hjgk67kg[.]xyz SocGholish Stage3 - *.asset.tradingvein[.]xyz NetSupportRat C2 - 52226asdiobioboioie[.]com (IP 94.158.244.38)
1
8
20
1
4K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
May 30

77[.]83[.]207[.]89 AS216341 OPTIMA LLC 🇭🇰 godblessyou[.]world blessyoumother[.]world wheremylifestreet[.]cloud clientforbigbug[.]cloud sunriseopen[.]com #NetSupportRAT @anyrun_app @abuse_ch

skocherhan's tweet image. 77[.]83[.]207[.]89 AS216341 OPTIMA LLC 🇭🇰 godblessyou[.]world blessyoumother[.]world wheremylifestreet[.]cloud clientforbigbug[.]cloud sunriseopen[.]com #NetSupportRAT @anyrun_app @abuse_ch
4
3
10
2
2K
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Apr 17

👇 #netsupportRAT client32.ini 2025-01-24 MD5 08e6451962fb39a5f5d4611ec93bb90d NSM.LIC 2024-04-13 MD5 9e482d086f86c0ea705aba09847b7491 👇 bazaar.abuse.ch/browse/tag/5-1…

JAMESWT_WT's tweet image. 👇 #netsupportRAT client32.ini 2025-01-24 MD5 08e6451962fb39a5f5d4611ec93bb90d NSM.LIC 2024-04-13 MD5 9e482d086f86c0ea705aba09847b7491 👇 bazaar.abuse.ch/browse/tag/5-1…
0
1
3
0
105
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
May 13

1/3 #NetSupportRat Samples Collection updated/tagged 👇 bazaar.abuse.ch/browse/tag/net… cc @500mk500

JAMESWT_WT's tweet image. 1/3 #NetSupportRat Samples Collection updated/tagged 👇 bazaar.abuse.ch/browse/tag/net… cc @500mk500
3
7
22
3
3K
skocherhan's profile picture. Digital nomad, exploring the cyber frontier.
ܛܔܔܔܛܔܛܔܛ
@skocherhan
Jul 11

Northeast Thermography Medical Imaging Center (Clifton Park, NY) 🇺🇸 Compromised 🇷🇺 medthermography[.]com 👇 bazaar.abuse.ch/browse/tag/med… C2: 94[.]158[.]245[.]131 AS39798 MivoCloud SRL 🇲🇩 #malware #NetSupportRat @Huntio @abuse_ch

skocherhan's tweet image. Northeast Thermography Medical Imaging Center (Clifton Park, NY) 🇺🇸 Compromised 🇷🇺 medthermography[.]com 👇 bazaar.abuse.ch/browse/tag/med… C2: 94[.]158[.]245[.]131 AS39798 MivoCloud SRL 🇲🇩 #malware #NetSupportRat @Huntio @abuse_ch
skocherhan's tweet image. Northeast Thermography Medical Imaging Center (Clifton Park, NY) 🇺🇸 Compromised 🇷🇺 medthermography[.]com 👇 bazaar.abuse.ch/browse/tag/med… C2: 94[.]158[.]245[.]131 AS39798 MivoCloud SRL 🇲🇩 #malware #NetSupportRat @Huntio @abuse_ch
0
1
4
2
962

Something went wrong.


Something went wrong.


United States Trends