
Threat Group Cards: A Threat Actor Encyclopedia

Tool: NetHelp Infostealer

Names: NetHelp Infostealer, NetHelp Striker
Category: Malware
Type: Backdoor, Info stealer
Description: (Recorded Future) The NetHelp payload was only designed to work as a service (a persistence method established by the audio dropper of matching bitness). The payload dynamically links APIs at runtime via GetProcAddress and LoadLibrary.

The implant simultaneously relied on two methods of communication: creating a separate thread with an open socket to the server on port 80, as well as issuing POST requests to the C2 server with the specific User-Agent.
Information: <https://www.recordedfuture.com/redalpha-cyber-campaigns/>

Last change to this tool card: 19 April 2020


All groups using tool NetHelp Infostealer

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | RedAlpha | China | 2015-2017 |

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
