
Detecting evolving threats: NetSupport RAT campaign

Published 02/08/2024 08:25 · Modified 02/08/2024 08:32


Essential information

Published: 02/08/2024 08:25
Modified: 02/08/2024 08:32
Tags: 2024-08-02, malvertising, netsupport rat, obfuscation, persistence, powershell, rat
Related entities: 3 observables, 9 techniques (mitre), 1 malware

Description

This analysis examines a recent malware campaign that utilizes the NetSupport RAT, a legitimate remote administration tool, for persistent infections. The threat actors behind this campaign employ techniques and updates to evade detection. However, by identifying weaknesses in the methods and leveraging indicators of compromise, security researchers have developed effective detection mechanisms. The report delves into the various stages of the campaign, including the initial JavaScript stager, the dropper, and the final payload delivery. It also provides insights into the detection methodologies employed by Cisco Talos, utilizing open-source tools like Snort for network-level detection and ClamAV for malware scanning.

External references