""ET TROJAN NetSupport RAT with System Information""
SID: 2035894
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2017_08_31, deployment Perimeter, malware_family NetSupport_RAT, performance_impact Moderate, signature_severity Major, updated_at 2022_08_29
Reference:
-
md5
-
78c80a33f77d5efd69969b5ddf93e348
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,from_client
Contents:
-
Value: "POST http|3a|//" Depth: 12
-
Value: "User-Agent|3a 20|NetSupport Manager/1.3"
-
Value: !"Accept"
-
Value: !"Referer"
-
Value: "CMD="
-
Value: "CLIENT_ADDR="
-
Value: "PORT="
-
Value: "MACADDRESS="
Within:
PCRE:
Special Options:
- fast_pattern