Skip to content Dark Web Informer - Cyber Threat Intelligence
IOC

IOC Alert: NetSupport Manager RAT Payload Delivery – wood-simple[.]com/drip.sym

📖 Overview
A new URL-based indicator has been identified delivering NetSupport Manager RAT. The domain is associated with the SmartApeSG campaign and is actively used for payload delivery. This IOC represents a high-confidence threat to endpoints, enabling full remote access capabilities once executed.


📌 Key Details

FieldInformation
TypeURL
Indicatorwood-simple[.]com/drip.sym
Threat TypePayload Delivery
Malwarewin.netsupportmanager_rat
Confidence100%
Date02 Sep 2025 – 12:10:58 UTC
TagsSmartApeSG
Reportermonitorsg

🔎 URLScan Result
Page Title: No Title
Screenshot: https://urlscan.io/screenshots/01990a58-927f-71f8-8d21-5b4f87b96914.png
Result: https://urlscan.io/result/01990a58-927f-71f8-8d21-5b4f87b96914/


📡 Related Intelligence
VirusTotal Report: https://www.virustotal.com/gui/url/93b064ddedb6cf394cce4eadc05caad150e6834f79ff93a796e71ba4a3c03ec7
Reference: https://infosec.exchange/@monitorsg/115134631148960678


🛡️ Defensive Guidance

  • Block wood-simple[.]com at the network and endpoint level.
  • Monitor for file retrieval attempts from /drip.sym.
  • Hunt for NetSupport Manager RAT persistence artifacts in endpoint telemetry.
  • Review proxy and firewall logs for suspicious outbound requests to this domain.

Latest