POLICY-OTHER --
POLICY-OTHER NetSupport Manager RAT outbound connection detected
This rule is looking for the unique User-Agent of the NetSupport Manager RAT client application. NetSupport is a commercially available IT tool that has been used by various threat actors as a malicious RAT.
This rule alerts on traffic from NetSupport Manager RAT.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
Rule Categories::Malware::Command and Control
MITRE::ATT&CK Framework::Enterprise::Command and Control::Application Layer Protocol
None
No information provided
None