📖 Overview
A new URL-based indicator has been identified delivering NetSupport Manager RAT. The domain is associated with the SmartApeSG campaign and is actively used for payload delivery. This IOC represents a high-confidence threat to endpoints, enabling full remote access capabilities once executed.
📌 Key Details
Field | Information |
---|---|
Type | URL |
Indicator | wood-simple[.]com/drip.sym |
Threat Type | Payload Delivery |
Malware | win.netsupportmanager_rat |
Confidence | 100% |
Date | 02 Sep 2025 – 12:10:58 UTC |
Tags | SmartApeSG |
Reporter | monitorsg |
🔎 URLScan Result
Page Title: No Title
Screenshot: https://urlscan.io/screenshots/01990a58-927f-71f8-8d21-5b4f87b96914.png
Result: https://urlscan.io/result/01990a58-927f-71f8-8d21-5b4f87b96914/

📡 Related Intelligence
VirusTotal Report: https://www.virustotal.com/gui/url/93b064ddedb6cf394cce4eadc05caad150e6834f79ff93a796e71ba4a3c03ec7
Reference: https://infosec.exchange/@monitorsg/115134631148960678
🛡️ Defensive Guidance
- Block
wood-simple[.]com
at the network and endpoint level. - Monitor for file retrieval attempts from
/drip.sym
. - Hunt for NetSupport Manager RAT persistence artifacts in endpoint telemetry.
- Review proxy and firewall logs for suspicious outbound requests to this domain.