From be6ec58cb9a29be83a6bff8ce339bab1440f522c Mon Sep 17 00:00:00 2001
From: cert-cwatch <149478619+cert-cwatch@users.noreply.github.com>
Date: Thu, 28 Nov 2024 18:18:35 +0100
Subject: [PATCH 1/2] Create SoftPerfectNetscan.tkape

---
 Targets/Apps/SoftPerfectNetscan.tkape | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 Targets/Apps/SoftPerfectNetscan.tkape

diff --git a/Targets/Apps/SoftPerfectNetscan.tkape b/Targets/Apps/SoftPerfectNetscan.tkape
new file mode 100644
index 000000000..c323c47c5
--- /dev/null
+++ b/Targets/Apps/SoftPerfectNetscan.tkape
@@ -0,0 +1,21 @@
+Description: Soft Perfect Network Scanner Output 
+Author: CERT CWATCH - ALMOND
+Version: 1.0
+Id: 0b5e2e0e-c5d7-4fa8-8ae7-6a257291bb57
+RecreateDirectories: true
+Targets: 
+    -
+        Name: Netscan XML default output 
+        Category: Apps
+        Path: C:\
+        FileMask: 'netscan.xml'
+        Recursive: true
+
+# Documentation
+# SoftPerfect Network Scanner 'Netscan' is a lightweight scanning tool commonly leveraged by threat actors.  
+# By default, it creates an XML file named 'netscan.xml'.  
+# This file stores credentials in use and a cache of previously scanned machines.  
+# Retrieving this file from compromised systems can provide a quick advantage during incident response by swiftly identifying the affected scope.
+# https://almond.eu/wp-content/uploads/Almond-x-Amossys-8Base.pdf
+# https://www.softperfect.com/products/networkscanner/
+# https://www.protect.airbus.com/blog/uncovering-cyber-intruders-netscan/

From 9e03619ec2d72c2d108ffde8fb3881e7652ab792 Mon Sep 17 00:00:00 2001
From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com>
Date: Fri, 29 Nov 2024 11:22:59 -0500
Subject: [PATCH 2/2] Update SoftPerfectNetscan.tkape

lint fixes
---
 Targets/Apps/SoftPerfectNetscan.tkape | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Targets/Apps/SoftPerfectNetscan.tkape b/Targets/Apps/SoftPerfectNetscan.tkape
index c323c47c5..5a6027f72 100644
--- a/Targets/Apps/SoftPerfectNetscan.tkape
+++ b/Targets/Apps/SoftPerfectNetscan.tkape
@@ -1,20 +1,20 @@
-Description: Soft Perfect Network Scanner Output 
+Description: Soft Perfect Network Scanner Output
 Author: CERT CWATCH - ALMOND
 Version: 1.0
 Id: 0b5e2e0e-c5d7-4fa8-8ae7-6a257291bb57
 RecreateDirectories: true
-Targets: 
+Targets:
     -
-        Name: Netscan XML default output 
+        Name: Netscan XML default output
         Category: Apps
         Path: C:\
         FileMask: 'netscan.xml'
         Recursive: true
 
 # Documentation
-# SoftPerfect Network Scanner 'Netscan' is a lightweight scanning tool commonly leveraged by threat actors.  
-# By default, it creates an XML file named 'netscan.xml'.  
-# This file stores credentials in use and a cache of previously scanned machines.  
+# SoftPerfect Network Scanner 'Netscan' is a lightweight scanning tool commonly leveraged by threat actors.
+# By default, it creates an XML file named 'netscan.xml'.
+# This file stores credentials in use and a cache of previously scanned machines.
 # Retrieving this file from compromised systems can provide a quick advantage during incident response by swiftly identifying the affected scope.
 # https://almond.eu/wp-content/uploads/Almond-x-Amossys-8Base.pdf
 # https://www.softperfect.com/products/networkscanner/