Names | NetHelp Infostealer NetHelp Striker | |
Category | Malware | |
Type | Backdoor, Info stealer | |
Description | (Recorded Future) The NetHelp payload was only designed to work as a service (a persistence method established by the audio dropper of matching bitness). The payload dynamically links APIs at runtime via GetProcAddress and LoadLibrary. The implant simultaneously relied on two methods of communication: creating a separate thread with an open socket to the server on port 80, as well as issuing POST requests to the C2 server with the specific User-Agent. | |
Information | <https://www.recordedfuture.com/redalpha-cyber-campaigns/> |
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
Previous: NetFlash
Next: NetPwdDump
Changed | Name | Country | Observed | ||
APT groups | |||||
RedAlpha | 2015-2021 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |