2017-12-06 - QUICK POST: EITEST HOEFLERTEXT POPUP PUSHES NETSUPPORT MANAGER RAT
- Zip archive of the traffic: 2017-12-06-fake-HoeflerText-font-pushes-NetSupport-Manager-RAT.pcap.zip 3.4 MB (3,447,458 bytes)
- Zip archive of the malware/artifacts: 2017-12-06-fake-HoeflerText-font-pushes-NetSupport-Manager-RAT-malware-and-artifacts.zip 202 kB (201,582 bytes)
- This is just a quick post with the pcaps/malware.
- Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
- For background, see the Sep 2017 Palo Alto Networks blog: EITest: HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware.
- Haven't done any decent write-ups on this in a while, but it's still much like I documented back on 2017-10-26.
- Nofication for today's activity came from this tweet by @killamjr.
Click here to return to the main page.