NetSupportManager RAT 解析
IOB - Indicator of Behavior (448)
アクティビティ
関心
脆弱性
IOC - Indicator of Compromise (178)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (21)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (215)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | クラス | Indicator | タイプ | 信頼度 |
---|---|---|---|---|
1 | File | //proc/kcore | predictive | 中 |
2 | File | /admin/index2.html | predictive | 高 |
3 | File | /api/baskets/{name} | predictive | 高 |
4 | File | /api/RecordingList/DownloadRecord?file= | predictive | 高 |
5 | File | /api/v4/users/ids | predictive | 高 |
6 | File | /apply.cgi | predictive | 中 |
7 | File | /cgi-bin/wlogin.cgi | predictive | 高 |
8 | File | /debug/pprof | predictive | 中 |
9 | File | /etc/shadow | predictive | 中 |
10 | File | /forum/away.php | predictive | 高 |
11 | File | /inc/parser/xhtml.php | predictive | 高 |
12 | File | /include/makecvs.php | predictive | 高 |
13 | File | /index.php?p=admin/actions/users/send-password-reset-email | predictive | 高 |
14 | File | /oauth/idp/.well-known/openid-configuration | predictive | 高 |
15 | File | /out.php | predictive | 中 |
16 | File | /php/ping.php | predictive | 高 |
17 | File | /project/tasks/list | predictive | 高 |
18 | File | /rapi/read_url | predictive | 高 |
19 | File | /requests.php | predictive | 高 |
20 | File | /scripts/unlock_tasks.php | predictive | 高 |
21 | File | /SysInfo1.htm | predictive | 高 |
22 | File | /sysinfo_json.cgi | predictive | 高 |
23 | File | /system/dataPerm/list | predictive | 高 |
24 | File | /system/user/modules/mod_users/controller.php | predictive | 高 |
25 | File | /xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx | predictive | 高 |
26 | File | /xx-xxxxx/xxxxx.xxx?xxxx=xx_xxxx_xxxxxxx_xxxxxxxxxx | predictive | 高 |
27 | File | xxxxxxx.xxx | predictive | 中 |
28 | File | xxx.xxx | predictive | 低 |
29 | File | xxxxx/xxxxx.xxx | predictive | 高 |
30 | File | xxxxxxxx.xxx | predictive | 中 |
31 | File | xxxxxxx/xxxx.xxx | predictive | 高 |
32 | File | xxxxxxxxxxxxxx/xxxx/xxxx/xx.xxxxxxxxxx.xx_xxxx/xxx.xxx.xxx.xxxxxxxxx.xxxxxxx/xxx_xx_xxxx_xxxx_xxx/xxx_xx_xxxx_xxxx_xxx.xxx/xxxx | predictive | 高 |
33 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | 高 |
34 | File | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx | predictive | 高 |
35 | File | xxxxxxx/xxxxxxxxxx/xxxxxx_xxxxxx_xxxxxxxx_xxxxx.xx | predictive | 高 |
36 | File | xxx.xxx | predictive | 低 |
37 | File | xxxxxxxx.xxx | predictive | 中 |
38 | File | xxxxx.xxxxxxxxx.xxx | predictive | 高 |
39 | File | xxxxxxxxxx.xxx | predictive | 高 |
40 | File | xxxxx.xxx | predictive | 中 |
41 | File | xxxxxxxx.xxx | predictive | 中 |
42 | File | xxxxxx/xxx.x | predictive | 中 |
43 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | 高 |
44 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/ | predictive | 高 |
45 | File | xxxxxx/xx/xx_xxxxx.x | predictive | 高 |
46 | File | xxxxxxxxx.xxx.xxx | predictive | 高 |
47 | File | xxxx:x.x/xx:x/xx:x/xx:x/xx:x/x:x/x:x/x:x/x:x | predictive | 高 |
48 | File | xxxxx/xxxxx.xxx | predictive | 高 |
49 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | 高 |
50 | File | xxxx_xxxxx.xxx | predictive | 高 |
51 | File | xxxxx.xxx | predictive | 中 |
52 | File | xxxxxxx.xxx | predictive | 中 |
53 | File | xxxxxx.xxx | predictive | 中 |
54 | File | xxxxxx.xxx | predictive | 中 |
55 | File | xxxxxxx/xxx/xx/xx.x | predictive | 高 |
56 | File | xxxx.xxx | predictive | 中 |
57 | File | xxxxx.xxx | predictive | 中 |
58 | File | xxxxxx.xxx | predictive | 中 |
59 | File | xxx/xxxx/xxx_xxx.x | predictive | 高 |
60 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | 高 |
61 | File | xxxxxxxxxxxx.xxx | predictive | 高 |
62 | File | xxxxxxx/xxxx_xxxx.x | predictive | 高 |
63 | File | xx/xx-xx.x | predictive | 中 |
64 | File | xxxx_xxxxx.xx | predictive | 高 |
65 | File | xxx/xxxx_xxxx.x | predictive | 高 |
66 | File | xxxxxxxxxx.xxx | predictive | 高 |
67 | File | xxxxxx/xxxxxxxxxxx | predictive | 高 |
68 | File | xxxx.xxx | predictive | 中 |
69 | File | xxxx_xxxxxx.x | predictive | 高 |
70 | File | xxxxxx/xxxxx_xxxxxxx.xxx | predictive | 高 |
71 | File | xxxx/xxxxxxx.x | predictive | 高 |
72 | File | xxx/xxxxxx.xxx | predictive | 高 |
73 | File | xxxxxxx.xxx | predictive | 中 |
74 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | 高 |
75 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | 高 |
76 | File | xxxxx.xxx | predictive | 中 |
77 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | 高 |
78 | File | xxxxx.xxx?xxxxx=xxxxxxxxx/xxxxxx/xx_xxxxxxxxx_xxxxxx_xxxxx/xxxxxxxxxx | predictive | 高 |
79 | File | xxxxxxxxxx.xxx | predictive | 高 |
80 | File | xxx_xxxxxx_xxxxxx.xx | predictive | 高 |
81 | File | xxxx.xxx | predictive | 中 |
82 | File | xx.xxx | predictive | 低 |
83 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | 高 |
84 | File | xxxxx.xxx | predictive | 中 |
85 | File | xxxxx_xx.xxxx | predictive | 高 |
86 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | 高 |
87 | File | xxxxxxxx_xxxxxxx.xxx | predictive | 高 |
88 | File | xxxx.xxx | predictive | 中 |
89 | File | xxx/xxx.xxx | predictive | 中 |
90 | File | xxxxxxx.xxx | predictive | 中 |
91 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | 高 |
92 | File | xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx | predictive | 高 |
93 | File | xxxxxxx.xxx | predictive | 中 |
94 | File | xxxxxx.x | predictive | 中 |
95 | File | xxxx.xxx | predictive | 中 |
96 | File | xxxxxxx.xxx | predictive | 中 |
97 | File | xxxxxxx_xxxx.xxx | predictive | 高 |
98 | File | xxxxxxxx.x | predictive | 中 |
99 | File | xxxxx.xxx | predictive | 中 |
100 | File | xxxxxxxxxxxx.xxxx | predictive | 高 |
101 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | 高 |
102 | File | xxxxx.xxx | predictive | 中 |
103 | File | xxxxxxxxxx.xxx | predictive | 高 |
104 | File | xxxxxxxx.xxx | predictive | 中 |
105 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | 高 |
106 | File | xxxxxxxx.xxx | predictive | 中 |
107 | File | xxxxxxxx.xxx | predictive | 中 |
108 | File | xxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xx | predictive | 高 |
109 | File | xxxxx.xxx | predictive | 中 |
110 | File | xxxxxxxxxxx.xxx | predictive | 高 |
111 | File | xxxxxxxxx_xxx | predictive | 高 |
112 | File | xxxx.xxx | predictive | 中 |
113 | File | xxx/xxxxxxx/xxxxxxx/xxxxx.xx | predictive | 高 |
114 | File | xxxxx/xxxxx.xxx | predictive | 高 |
115 | File | xxxxxxxx.xxx | predictive | 中 |
116 | File | xxx_xxxxx_xxxxxxx_xxxx.xxx | predictive | 高 |
117 | File | x/xxxxx.xxx | predictive | 中 |
118 | File | xxx-xxxxxxx-xxx.xx | predictive | 高 |
119 | File | xxxxxxxxx.xxx | predictive | 高 |
120 | File | xxxxxxxxx.xxx | predictive | 高 |
121 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | 高 |
122 | File | xxxxxxxxxx | predictive | 中 |
123 | File | xxxxxxxx.xxx | predictive | 中 |
124 | File | xxxxxxx/xxxxx.xxx | predictive | 高 |
125 | File | xx-xxxxx/xxxxxxx.xxx | predictive | 高 |
126 | File | xx-xxxxxx.xxx | predictive | 高 |
127 | File | xx-xxxxxxxx.xxx | predictive | 高 |
128 | File | ~/xxxxxxxxx/ | predictive | 中 |
129 | Argument | xx/xx | predictive | 低 |
130 | Argument | xxxxxx | predictive | 低 |
131 | Argument | xxx | predictive | 低 |
132 | Argument | xxxxxxx_xxxx | predictive | 中 |
133 | Argument | xxxxxxxx | predictive | 中 |
134 | Argument | xxxxxx_xxxx | predictive | 中 |
135 | Argument | xxxxxxxx | predictive | 中 |
136 | Argument | xxx | predictive | 低 |
137 | Argument | xxx | predictive | 低 |
138 | Argument | xxxxxxxxxx | predictive | 中 |
139 | Argument | xxxxxxxxxxxxxxxxx | predictive | 高 |
140 | Argument | xxxxx | predictive | 低 |
141 | Argument | xxxxxxxxxxx(xxxxxx) | predictive | 高 |
142 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | 高 |
143 | Argument | xxxx | predictive | 低 |
144 | Argument | xxxx/xxxxxx/xxx | predictive | 高 |
145 | Argument | xxxxxx_xx | predictive | 中 |
146 | Argument | xxxxx | predictive | 低 |
147 | Argument | xxxxx | predictive | 低 |
148 | Argument | xxxxx | predictive | 低 |
149 | Argument | xxxxxxxx | predictive | 中 |
150 | Argument | xxxxxx | predictive | 低 |
151 | Argument | xxxx/xxxxxxx/xxx/xxxxxxxxx | predictive | 高 |
152 | Argument | xxxxxxxxxxxx | predictive | 中 |
153 | Argument | xxxxx_xx | predictive | 中 |
154 | Argument | xxxx | predictive | 低 |
155 | Argument | xxxx | predictive | 低 |
156 | Argument | xxxx | predictive | 低 |
157 | Argument | xx | predictive | 低 |
158 | Argument | xx/xxx | predictive | 低 |
159 | Argument | xxxx | predictive | 低 |
160 | Argument | xxxxxx | predictive | 低 |
161 | Argument | xxxxxx | predictive | 低 |
162 | Argument | xxxxx[xxxxx][xx] | predictive | 高 |
163 | Argument | xxxxx | predictive | 低 |
164 | Argument | xxxxxxxx[xx] | predictive | 中 |
165 | Argument | xxxxxxx | predictive | 低 |
166 | Argument | xxxx | predictive | 低 |
167 | Argument | xxxx_xxxx | predictive | 中 |
168 | Argument | xxxx | predictive | 低 |
169 | Argument | xxxxxxxx | predictive | 中 |
170 | Argument | xxxxxxxxx | predictive | 中 |
171 | Argument | xxx_xxxx | predictive | 中 |
172 | Argument | xxxxxx/xxxxx/xxxx | predictive | 高 |
173 | Argument | xxxxxxxx | predictive | 中 |
174 | Argument | xxxx | predictive | 低 |
175 | Argument | xxxxx | predictive | 低 |
176 | Argument | xxxxx_xxxxxx | predictive | 中 |
177 | Argument | xxxxxxx/xxxxx | predictive | 高 |
178 | Argument | xxxxxxxx | predictive | 中 |
179 | Argument | xxxxxxxx | predictive | 中 |
180 | Argument | xxxxxxxxxx | predictive | 中 |
181 | Argument | xxxxxx_xxx | predictive | 中 |
182 | Argument | xxxx_xx | predictive | 低 |
183 | Argument | xxxxxxx | predictive | 低 |
184 | Argument | xxxxxxxxxx_xxxx | predictive | 高 |
185 | Argument | xxxxxxxx_xxxxxxxx | predictive | 高 |
186 | Argument | xxx_xxxxx_xx | predictive | 中 |
187 | Argument | xxxxxx-xxxx-xx | predictive | 高 |
188 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | 高 |
189 | Argument | xxxx_xx | predictive | 低 |
190 | Argument | xxx | predictive | 低 |
191 | Argument | xxx | predictive | 低 |
192 | Argument | xxx | predictive | 低 |
193 | Argument | xxx | predictive | 低 |
194 | Argument | xxxx | predictive | 低 |
195 | Argument | xxxx-xxxxx | predictive | 中 |
196 | Argument | xxxxxxxx | predictive | 中 |
197 | Argument | xxxx_xxxxx | predictive | 中 |
198 | Argument | xxxx | predictive | 低 |
199 | Argument | xxxx/xx/xxxx/xxx | predictive | 高 |
200 | Argument | xxx_xxxx | predictive | 中 |
201 | Argument | x-xxxxxxxxx-xxxx | predictive | 高 |
202 | Argument | x-xxxx | predictive | 低 |
203 | Argument | _xxxxxxx | predictive | 中 |
204 | Input Value | %xx%xx%xx%xx | predictive | 中 |
205 | Input Value | .%xx.../.%xx.../ | predictive | 高 |
206 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | 高 |
207 | Input Value | x=x | predictive | 低 |
208 | Input Value | xxxxxxx -xxx | predictive | 中 |
209 | Input Value | xxxxxxxxxx | predictive | 中 |
210 | Input Value | \x | predictive | 低 |
211 | Network Port | xxxx | predictive | 低 |
212 | Network Port | xxxx | predictive | 低 |
213 | Network Port | xxxx xxxx | predictive | 中 |
214 | Network Port | xxx/xxx | predictive | 低 |
215 | Network Port | xxx/xxxx | predictive | 中 |
参考 (25)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/NetSupportManager%20RAT
- https://infosec.exchange/@malware_traffic/109762477310102114
- https://infosec.exchange/@monitorsg/110845381557169819
- https://infosec.exchange/@monitorsg/111049253426039837
- https://infosec.exchange/@monitorsg/111205676690966247
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxxxxx/@xxxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxx.xxxxxxxx/@xxxxxxxxx@xxxxxxx.xxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxx.xxxxxxxx/@xxxxxxx@xxxxxxx.xxxxxxxx/xxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxxxx.xxxxx.xx
- xxxxx://xxxxxxx.xxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxx_xx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxxxx.xx/xxxx/xxxxxxxxxx.xxx/
- xxxxx://xxxxxxx.xxxxx.xx/xxx/xxxxxxx/
Samples (17)
The following list contains associated samples:
- https://bazaar.abuse.ch/sample/1a9b3968a2f3a4ae0c9c51e6fc41a48829ac4a0fa118a7530c36715638ef0209/
- https://bazaar.abuse.ch/sample/4a9f42167f399abfbb42a5ee4d52922eb3f7f1ce88d23824f01d13e50609b8b9/
- https://bazaar.abuse.ch/sample/6fe2ea8db2edb522cd33b8d2539ed73cc708f086a65a0e6f8577b4a001d36bd5/
- https://bazaar.abuse.ch/sample/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/
- https://bazaar.abuse.ch/sample/48a8c57895c2cfdf13a402e669a9964f56128521404e47b4727672f8ca91a90d/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
- xxxxx://xxxxxx.xxxxx.xx/xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/