Skip to content Dark Web Informer - Cyber Threat Intelligence
IOC

IOC Alert: win.netsupportmanager_rat Payload Delivery

📖 Overview
A new URL-based indicator has been identified associated with payload delivery activity tied to the malware win.netsupportmanager_rat. This malicious URL, hosted under the domain linomu[.]com, masquerades as a legitimate JavaScript resource but instead delivers a remote access trojan with full control capabilities.


📌 Key Details

FieldInformation
TypeURL
Indicatorlinomu[.]com/ajax/pixi.min.js
Threat TypePayload Delivery
Malwarewin.netsupportmanager_rat
Confidence100%
Date28 Aug 2025 – 14:02:09 UTC
TagsSmartApeSG
Reportermonitorsg

🔎 URLScan Result


📡 Related Intelligence


🛡️ Defensive Guidance

  • Block linomu[.]com at the network and endpoint level.
  • Monitor for suspicious script loads from unexpected domains.
  • Hunt for win.netsupportmanager_rat persistence artifacts in endpoint telemetry.
  • Review proxy/firewall logs for attempted outbound requests to malicious JS payloads.

Latest