{ "type": "Domain", "indicator": "eiesoft.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/eiesoft.com", "alexa": "http://www.alexa.com/siteinfo/eiesoft.com", "indicator": "eiesoft.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4035567137, "indicator": "eiesoft.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "67ac545db98bda088419c061", "name": "NetSupport RAT Clickfix Distribution", "description": "", "modified": "2025-03-14T07:00:16.070000", "created": "2025-02-12T07:57:17.711000", "tags": [ "netsupport rat", "clickfix", "access trojan", "source", "january", "threat response", "unit", "powershell", "network", "compromise", "february", "refer", "virustotal" ], "references": [ "https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 3, "URL": 22, "domain": 9 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "445 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aa41b21da119558f9c89b3", "name": "Cybercriminals Weaponize NetSupport RAT via ClickFix Attacks", "description": "Cybersecurity researchers have noted a sharp rise in the use of the NetSupport Remote Access Trojan (RAT), a malicious tool enabling attackers to take full control of infected systems. This increase is tied to the \"ClickFix\" Initial Access Vector, a social engineering tactic that deceives users into running harmful PowerShell commands.", "modified": "2025-03-12T18:03:27.272000", "created": "2025-02-10T18:13:06.831000", "tags": [ "netsupport rat", "clickfix", "access trojan", "source", "january", "threat response", "unit", "powershell", "network", "compromise", "february", "refer", "virustotal" ], "references": [ "https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 3, "URL": 22, "domain": 9 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "446 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aa15d0babbde0f71a259a9", "name": "eSentire | NetSupport RAT Clickfix Distribution", "description": "Beginning in early January 2025, eSentire Threat Response Unit (TRU) observed an increase in the number of incidents involving the NetSupport Remote Access Trojan (RAT). This activity remains common leading into early February. NetSupport RAT grants the attackers full control over the victim's host, allowing them to monitor the user's screen, control the keyboard and mouse, upload and download files, and launch and execute malicious commands. If left undetected, NetSupport RAT can lead to advanced threats, including ransomware attacks, compromising sensitive data, and disrupting business operations.", "modified": "2025-03-12T15:01:41.823000", "created": "2025-02-10T15:05:52.444000", "tags": [ "netsupport rat", "clickfix", "access trojan", "source", "january", "threat response", "unit", "powershell", "network", "compromise", "february", "refer", "virustotal" ], "references": [ "https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 3, "URL": 22, "domain": 9 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "446 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aa5b2d006e4fb7bb19c7c0", "name": "NetSupport RAT Attackers Access to Victims\u2019 Systems", "description": "NetSupport RAT malicious tool allows attackers to gain full control over compromised systems.", "modified": "2025-02-10T20:01:49.561000", "created": "2025-02-10T20:01:49.561000", "tags": [ "http", "https" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 3 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "476 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "CryptoGen Cyber Threat Intelligence Advisory" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "67ac545db98bda088419c061", "name": "NetSupport RAT Clickfix Distribution", "description": "", "modified": "2025-03-14T07:00:16.070000", "created": "2025-02-12T07:57:17.711000", "tags": [ "netsupport rat", "clickfix", "access trojan", "source", "january", "threat response", "unit", "powershell", "network", "compromise", "february", "refer", "virustotal" ], "references": [ "https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 3, "URL": 22, "domain": 9 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "445 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aa41b21da119558f9c89b3", "name": "Cybercriminals Weaponize NetSupport RAT via ClickFix Attacks", "description": "Cybersecurity researchers have noted a sharp rise in the use of the NetSupport Remote Access Trojan (RAT), a malicious tool enabling attackers to take full control of infected systems. This increase is tied to the \"ClickFix\" Initial Access Vector, a social engineering tactic that deceives users into running harmful PowerShell commands.", "modified": "2025-03-12T18:03:27.272000", "created": "2025-02-10T18:13:06.831000", "tags": [ "netsupport rat", "clickfix", "access trojan", "source", "january", "threat response", "unit", "powershell", "network", "compromise", "february", "refer", "virustotal" ], "references": [ "https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 3, "URL": 22, "domain": 9 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "446 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aa15d0babbde0f71a259a9", "name": "eSentire | NetSupport RAT Clickfix Distribution", "description": "Beginning in early January 2025, eSentire Threat Response Unit (TRU) observed an increase in the number of incidents involving the NetSupport Remote Access Trojan (RAT). This activity remains common leading into early February. NetSupport RAT grants the attackers full control over the victim's host, allowing them to monitor the user's screen, control the keyboard and mouse, upload and download files, and launch and execute malicious commands. If left undetected, NetSupport RAT can lead to advanced threats, including ransomware attacks, compromising sensitive data, and disrupting business operations.", "modified": "2025-03-12T15:01:41.823000", "created": "2025-02-10T15:05:52.444000", "tags": [ "netsupport rat", "clickfix", "access trojan", "source", "january", "threat response", "unit", "powershell", "network", "compromise", "february", "refer", "virustotal" ], "references": [ "https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 3, "URL": 22, "domain": 9 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "446 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aa5b2d006e4fb7bb19c7c0", "name": "NetSupport RAT Attackers Access to Victims\u2019 Systems", "description": "NetSupport RAT malicious tool allows attackers to gain full control over compromised systems.", "modified": "2025-02-10T20:01:49.561000", "created": "2025-02-10T20:01:49.561000", "tags": [ "http", "https" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 3 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "476 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "eiesoft.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "eiesoft.com", "found": true, "verdict": "malicious", "url_count": 1, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "http://eiesoft.com/Ray-verify.html", "status": "offline", "threat": "malware_download", "date_added": "2025-01-16", "tags": [ "ClickFix", "hta", "NetSupportRAT" ] } ], "error": null }, "from_cache": true, "_cached_at": 1780398176.3010612 }