Skip to content

Commit

Permalink
Merge pull request #998 from cert-cwatch/master
Browse files Browse the repository at this point in the history
New Target - SoftPerfect Nework Scanner 'Netscan'
  • Loading branch information
AndrewRathbun authored Nov 29, 2024
2 parents 31a7e22 + 9e03619 commit 069d57b
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions Targets/Apps/SoftPerfectNetscan.tkape
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
Description: Soft Perfect Network Scanner Output
Author: CERT CWATCH - ALMOND
Version: 1.0
Id: 0b5e2e0e-c5d7-4fa8-8ae7-6a257291bb57
RecreateDirectories: true
Targets:
-
Name: Netscan XML default output
Category: Apps
Path: C:\
FileMask: 'netscan.xml'
Recursive: true

# Documentation
# SoftPerfect Network Scanner 'Netscan' is a lightweight scanning tool commonly leveraged by threat actors.
# By default, it creates an XML file named 'netscan.xml'.
# This file stores credentials in use and a cache of previously scanned machines.
# Retrieving this file from compromised systems can provide a quick advantage during incident response by swiftly identifying the affected scope.
# https://almond.eu/wp-content/uploads/Almond-x-Amossys-8Base.pdf
# https://www.softperfect.com/products/networkscanner/
# https://www.protect.airbus.com/blog/uncovering-cyber-intruders-netscan/

0 comments on commit 069d57b

Please sign in to comment.