NetSupport Intrusion Results in Domain Compromise | allinfosecnews.com

Oct. 30, 2023, 1:17 p.m. | /u/TheDFIRReport

Malware Analysis & Reports www.reddit.com

This intrusion began with an email delivered with a zip file containing a malicious Javascript file. Following email delivery, a user extracted and executed the Javascript file. The JavaScript code pulled down an obfuscated PowerShell script that was run in memory. The PowerShell script was responsible for deploying NetSupport onto the system along with ensuring the script was not running in a sandbox and establishing persistence using registry run keys.

[https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/](https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/)

code compromise delivery domain down email file intrusion javascript malicious malware memory netsupport obfuscated powershell powershell script pulled responsible results run script system zip

More from www.reddit.com / Malware Analysis & Reports

Phising opensea 3 days, 12 hours ago | www.reddit.com

mail malware opensea phishing +1

Understanding How CVEProject/cvelistV5 Works 5 days, 19 hours ago | www.reddit.com

api cve cves etc +18

[Video] Triaging Files on VirusTotal 1 week, 3 days ago | www.reddit.com

files malware video virustotal

Need recommendations for Premium Tools 1 week, 3 days ago | www.reddit.com

analysis atm budget can +12

Are hidden incoming SMS common for C&C? 1 week, 6 days ago | www.reddit.com

account android android malware carrier +12

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters 1 week, 6 days ago | www.reddit.com

attackers clusters critical exploiting +5

A Powerful tracing engine based on Qemu 2 weeks, 3 days ago | www.reddit.com

binary called can case +20

[Fixed] Coding The Rat King: A Multi-Family Malware Configuration Parser 2 weeks, 4 days ago | www.reddit.com

code coding configuration family +5

Dynamic Malware Analysis of Konni RAT Malware APT37 With Any.Run 3 weeks, 3 days ago | www.reddit.com

advanced amp analysis any.run +22

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom

View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands

View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila

View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico

View on infosec-jobs.com