otx.alienvault.com (3.168.73.100) - public scan
URL: https://otx.alienvault.com/indicator/file/abfcd51bb120a7eae5bbd9a99624e4abe0c9139d
Submission: On December 04 via api from IN - Scanned from US

FileHash - SHA1: abfcd51bb120a7eae5bbd9a99624e4abe0c9139d

Pulses: 14
AV Detections: 0
IDS Detections: 0
YARA Detections: 0
Alerts: 0

Analysis Overview
Analysis Date: 1 year ago
File Score: 10 (Malicious)
Yara Detections: None

Related Pulses: LevelBlue Labs Pulses (3), OTX User-Created Pulses (11)
Related Tags (44 total, 5 shown): meduza, remote access, burnsrat, netsupport rat, fake updates

File Type: ASCII text, with CRLF line terminators
Size: 0 KB (258 bytes)
MD5: 1b41e64c60ca9dfadeb063cd822ab089
SHA1: abfcd51bb120a7eae5bbd9a99624e4abe0c9139d
SHA256: f4e2f28169e0c88b2551b6f1d63f8ba513feb15beacc43a82f626b93d673f56d

External Resources: VirusTotal (VirusTotal API key required)

Analysis
No Additional Analysis Available. Cobalt Strike: no entries found. LNK (Name/Value): no entries found. Document Properties: empty.
Comments: 0

Related Pulses: LevelBlue Labs (3) | User Created (11)

Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
FileHash-MD5 Indicator Active
 * Created 2 days ago
 * Modified 15 hours ago by AlienVault
 * Public
 * TLP: White

FileHash-MD5: 24 | FileHash-SHA1: 2 | FileHash-SHA256: 2 | URL: 6 | Domain: 7
The Horns&Hooves campaign, active since March 2023, targets Russian businesses
with malicious email attachments containing scripts that install NetSupport RAT
or BurnsRAT. The campaign evolved through several versions, improving
obfuscation and delivery methods. It uses decoy documents and legitimate-looking
file names to trick users. The attackers, likely associated with the TA569
group, gain remote access to infected systems and potentially sell this access
to other cybercriminals. The campaign has affected over a thousand users,
primarily in Russia, and has been observed attempting to install additional
malware like Rhadamanthys and Meduza stealers.
Tags: meduza, remote access, burnsrat, netsupport rat
 * 292,952 Subscribers

SmartApeSg Delivering NetSupport RAT
FileHash-MD5 Indicator Active
 * Created 10 months ago
 * Modified 9 months ago by AlienVault
 * Public
 * TLP: White

FileHash-MD5: 18 | FileHash-SHA1: 12 | FileHash-SHA256: 12
In early January 2024, eSentire's machine learning detected malicious PowerShell
script execution associated with SmartApeSG, a threat actor distributing
NetSupport RAT via fake browser updates. The threat begins with the end user
visiting a compromised site serving a ZIP with a JavaScript file that retrieves
and executes a PowerShell command to download, decode, and deploy NetSupport
components. This highlights social engineering via fake updates, obfuscation
techniques, decoding malware, and typical deployment strategies. Recommendations
include training users on malicious content, restricting risky file types,
providing approved software downloads, and using antivirus, NGAV, and EDR to
detect threats.
Tags: fake updates, netsupport rat
 * 292,952 Subscribers

NetSupport RAT: The RAT King Returns
FileHash-MD5 Indicator Active
 * Created 1 year ago
 * Modified 12 months ago by AlienVault
 * Public
 * TLP: White

FileHash-MD5: 10 | FileHash-SHA1: 10 | FileHash-SHA256: 20 | URL: 3 | Domain: 6
NetSupport Manager, a popular tool used for remote systems management, has been
used by threat actors to infiltrate systems and launch a sophisticated attack on
the networks, according to research by Carbon Black Managed Detection & Response
and VMWare.
Tags: netsupport rat
 * 292,953 Subscribers

Horns&Hooves Campaign Targets Users with Malware via Phishing
FileHash-MD5 Indicator Active
 * Created 9 hours ago by Superpro
 * Public
 * TLP: White

FileHash-MD5: 24 | FileHash-SHA1: 2 | FileHash-SHA256: 2 | IPv4: 6 | URL: 18 |
Domain: 9 | Hostname: 1
Researchers have identified a malware campaign known as Horns&Hooves, targeting
private users, retailers, and service businesses primarily in Russia. The
campaign has affected over 1,000 victims since its onset in March 2023. Its
primary tactic involves sending emails that appear legitimate, featuring ZIP
archives that contain JScript scripts. These scripts are cleverly disguised as
routine business communications like customer requests or partnership bids.
Tags: burnsrat, javascript, malware, malware descriptions, malware statistics,
malware technologies, netsupport rat, phishing, rat trojan, horns, ta569,
hooves, request, appdata, rdp wrapper, zip archive, september, april,
openssl, august, malicious, capture, june, february, date, meduza,
запрос, trojans, horns&hooves, rms, netsupport
 * 149 Subscribers

BLOCK_2024
FileHash-MD5 Indicator Active
 * Created 6 months ago
 * Modified 12 hours ago by BLOCKINGBLOCK
 * Public
 * TLP: White

CIDR: 6 | FileHash-MD5: 3889 | FileHash-SHA1: 3090 | FileHash-SHA256: 5198 |
IPv4: 206 | URL: 1103 | Domain: 1836 | Email: 28 | Hostname: 1139
 * 60 Subscribers

_CLON_2024_NOV11
FileHash-MD5 Indicator Active
 * Created 3 weeks ago
 * Modified 2 weeks ago by BLOCKINGBLOCK
 * Public
 * TLP: White

CIDR: 6 | FileHash-MD5: 3724 | FileHash-SHA1: 2927 | FileHash-SHA256: 5030 |
IPv4: 190 | URL: 1028 | Domain: 1795 | Email: 28 | Hostname: 1096
 * 54 Subscribers

SmartApeSG Delivering NetSupport RAT
FileHash-MD5 Indicator Active
 * Created 9 months ago
 * Modified 8 months ago by toporokis
 * Public
 * TLP: White


FileHash-MD5: 20 | FileHash-SHA1: 16 | FileHash-SHA256: 16 | URL: 3 | Domain: 3
The eSentire Threat Response Unit discovered that threat actor SmartApeSG is
using fake browser updates to distribute the NetSupport Remote Access Trojan.
The threat actor relies on compromised webpages that serve malicious JavaScript
files containing obfuscated PowerShell commands. The PowerShell code ultimately
downloads and executes the NetSupport RAT client binary. This campaign
highlights the risks of unvetted software downloads and the need for robust
endpoint security to detect and contain threats.
Tags: netsupport rat, netsupport, powershell, rat, obfuscation, social engineering
 * 46 Subscribers

SmartApeSg Delivering NetSupport RAT
FileHash-MD5 Indicator Active
 * Created 8 months ago by Tr1sa111
 * Public
 * TLP: White

FileHash-MD5: 18 | FileHash-SHA1: 12 | FileHash-SHA256: 12 | URL: 2 | Domain: 2
Tags: fake updates, netsupport rat
 * 149 Subscribers

SmartApeSg Delivering NetSupport RAT
FileHash-MD5 Indicator Active
 * Created 9 months ago
 * Modified 8 months ago by tr2222200
 * Public
 * TLP: White

FileHash-MD5: 18 | FileHash-SHA1: 12 | FileHash-SHA256: 12 | URL: 2 | Domain: 2
Tags: fake updates, netsupport rat
 * 143 Subscribers

SOC_BLOCK_NEW
FileHash-MD5 Indicator Active
 * Created 9 months ago by fencesense
 * Public
 * TLP: White

CIDR: 6 | FileHash-MD5: 3498 | FileHash-SHA1: 2746 | FileHash-SHA256: 4590 |
IPv4: 189 | URL: 729 | Domain: 1715 | Email: 28 | Hostname: 911
 * 6 Subscribers

SOC2023
FileHash-MD5 Indicator Active
 * Created 1 year ago
 * Modified 9 months ago by BLOCKINGBLOCK
 * Public
 * TLP: White

CIDR: 6 | FileHash-MD5: 3448 | FileHash-SHA1: 2696 | FileHash-SHA256: 4539 |
IPv4: 189 | URL: 727 | Domain: 1713 | Email: 28 | Hostname: 912
 * 64 Subscribers

NetSupport RAT Infections on the Rise
FileHash-MD5 Indicator Active
 * Created 1 year ago
 * Modified 12 months ago by cryptocti
 * Public
 * TLP: White

FileHash-MD5: 11 | FileHash-SHA1: 11 | FileHash-SHA256: 21 | Domain: 2
 * 313 Subscribers

NetSupport RAT: The RAT King Returns - VMware Security Blog - VMware
FileHash-MD5 Indicator Active
 * Created 1 year ago
 * Modified 12 months ago by tr2222200
 * Public
 * TLP: White


FileHash-MD5: 11 | FileHash-SHA1: 11 | FileHash-SHA256: 21 | URL: 6 | Domain: 7
NetSupport Manager, a popular tool used for remote systems management, has been
used by threat actors to infiltrate systems and launch a sophisticated attack on
the networks, according to research by Carbon Black Managed Detection &
Response.
Tags: netsupport rat, carbon black, powershell, figure, remote access, trojan,
ta569, netsupport, mdr team, zip archive, execution, persistence,
javascript, access
 * 143 Subscribers

NetSupport RAT: The RAT King Returns - VMware Security Blog - VMware
FileHash-MD5 Indicator Active
 * Created 1 year ago
 * Modified 12 months ago by Tr1sa111
 * Public
 * TLP: White

FileHash-MD5: 11 | FileHash-SHA1: 11 | FileHash-SHA256: 21 | URL: 6 | Domain: 7
Tags: netsupport rat, carbon black, powershell, figure, remote access, trojan,
ta569, netsupport, mdr team, zip archive, execution, persistence,
javascript, access
 * 150 Subscribers

Integrations
Integrations can be added from the Settings page, which can be found by clicking
on the icon at the top right of the main menu when logged in to OTX.

© Copyright 2024 LevelBlue, Inc.