Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER NetSupport Manager RAT outbound connection detected

Rule Explanation

This rule is looking for the unique User-Agent of the NetSupport Manager RAT client application. NetSupport is a commercially available IT tool that has been used by various threat actors as a malicious RAT.

What To Look For

This rule alerts on traffic from NetSupport Manager RAT.

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

Rule Categories::Malware::Command and Control

MITRE::ATT&CK Framework::Enterprise::Command and Control::Application Layer Protocol

CVE

None

Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None