mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-27 09:28:52 +00:00

History

Marc Ruef 9acd7aff46 Update February 2024		2024-02-02 10:19:44 +01:00
..
README.md	Update February 2024	2024-02-02 10:19:44 +01:00

README.md

NjRAT - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as NjRAT. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.njrat

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NjRAT:

There are 20 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of NjRAT.

ID	IP address	Hostname	Campaign	Confidence
1	1.227.134.55	-	-	High
2	1.234.37.232	-	-	High
3	1.243.157.185	-	-	High
4	2.56.214.165	-	-	High
5	2.57.90.16	-	-	High
6	2.58.149.13	-	-	High
7	2.58.149.171	-	-	High
8	2.60.38.237	-	-	High
9	2.61.31.155	dynamic-2-61-31-155.pppoe.khakasnet.ru	-	High
10	2.91.138.211	-	-	High
11	2.94.84.197	-	-	High
12	2.94.113.188	-	-	High
13	2.95.50.14	-	-	High
14	2.132.107.223	2.132.107.223.megaline.telecom.kz	-	High
15	2.133.189.217	2.133.189.217.megaline.telecom.kz	-	High
16	2.207.101.83	dslb-002-207-101-083.002.207.pools.vodafone-ip.de	-	High
17	2.224.144.191	2-224-144-191.ip170.fastwebnet.it	-	High
18	3.6.30.85	ec2-3-6-30-85.ap-south-1.compute.amazonaws.com	-	Medium
19	3.6.98.232	ec2-3-6-98-232.ap-south-1.compute.amazonaws.com	-	Medium
20	3.6.115.64	ec2-3-6-115-64.ap-south-1.compute.amazonaws.com	-	Medium
21	3.6.115.182	ec2-3-6-115-182.ap-south-1.compute.amazonaws.com	-	Medium
22	3.6.122.107	ec2-3-6-122-107.ap-south-1.compute.amazonaws.com	-	Medium
23	3.13.191.225	ec2-3-13-191-225.us-east-2.compute.amazonaws.com	-	Medium
24	3.14.182.203	ec2-3-14-182-203.us-east-2.compute.amazonaws.com	-	Medium
25	3.16.105.95	ec2-3-16-105-95.us-east-2.compute.amazonaws.com	-	Medium
26	3.17.7.232	ec2-3-17-7-232.us-east-2.compute.amazonaws.com	-	Medium
27	3.17.202.129	ec2-3-17-202-129.us-east-2.compute.amazonaws.com	-	Medium
28	3.19.114.185	ec2-3-19-114-185.us-east-2.compute.amazonaws.com	-	Medium
29	3.19.130.43	ec2-3-19-130-43.us-east-2.compute.amazonaws.com	-	Medium
30	3.22.15.135	ec2-3-22-15-135.us-east-2.compute.amazonaws.com	-	Medium
31	3.22.30.40	ec2-3-22-30-40.us-east-2.compute.amazonaws.com	-	Medium
32	3.22.53.161	ec2-3-22-53-161.us-east-2.compute.amazonaws.com	-	Medium
33	3.64.4.198	ec2-3-64-4-198.eu-central-1.compute.amazonaws.com	-	Medium
34	3.66.38.117	ec2-3-66-38-117.eu-central-1.compute.amazonaws.com	-	Medium
35	3.67.15.169	ec2-3-67-15-169.eu-central-1.compute.amazonaws.com	-	Medium
36	3.67.62.142	ec2-3-67-62-142.eu-central-1.compute.amazonaws.com	-	Medium
37	3.67.112.102	ec2-3-67-112-102.eu-central-1.compute.amazonaws.com	-	Medium
38	3.67.161.133	ec2-3-67-161-133.eu-central-1.compute.amazonaws.com	-	Medium
39	3.68.56.232	ec2-3-68-56-232.eu-central-1.compute.amazonaws.com	-	Medium
40	3.68.171.119	ec2-3-68-171-119.eu-central-1.compute.amazonaws.com	-	Medium
41	3.69.115.178	ec2-3-69-115-178.eu-central-1.compute.amazonaws.com	-	Medium
42	3.69.157.220	ec2-3-69-157-220.eu-central-1.compute.amazonaws.com	-	Medium
43	3.121.139.82	ec2-3-121-139-82.eu-central-1.compute.amazonaws.com	-	Medium
44	3.124.67.191	ec2-3-124-67-191.eu-central-1.compute.amazonaws.com	-	Medium
45	3.124.142.205	ec2-3-124-142-205.eu-central-1.compute.amazonaws.com	-	Medium
46	3.125.102.39	ec2-3-125-102-39.eu-central-1.compute.amazonaws.com	-	Medium
47	3.125.188.168	ec2-3-125-188-168.eu-central-1.compute.amazonaws.com	-	Medium
48	3.125.209.94	ec2-3-125-209-94.eu-central-1.compute.amazonaws.com	-	Medium
49	3.125.223.134	ec2-3-125-223-134.eu-central-1.compute.amazonaws.com	-	Medium
50	3.126.37.18	ec2-3-126-37-18.eu-central-1.compute.amazonaws.com	-	Medium
51	3.126.224.214	ec2-3-126-224-214.eu-central-1.compute.amazonaws.com	-	Medium
52	3.127.59.75	ec2-3-127-59-75.eu-central-1.compute.amazonaws.com	-	Medium
53	3.127.138.57	ec2-3-127-138-57.eu-central-1.compute.amazonaws.com	-	Medium
54	3.127.181.115	ec2-3-127-181-115.eu-central-1.compute.amazonaws.com	-	Medium
55	3.127.253.86	ec2-3-127-253-86.eu-central-1.compute.amazonaws.com	-	Medium
56	3.128.107.74	ec2-3-128-107-74.us-east-2.compute.amazonaws.com	-	Medium
57	3.129.187.220	ec2-3-129-187-220.us-east-2.compute.amazonaws.com	-	Medium
58	3.131.147.49	ec2-3-131-147-49.us-east-2.compute.amazonaws.com	-	Medium
59	3.131.207.170	ec2-3-131-207-170.us-east-2.compute.amazonaws.com	-	Medium
60	3.132.159.158	ec2-3-132-159-158.us-east-2.compute.amazonaws.com	-	Medium
61	3.133.207.110	ec2-3-133-207-110.us-east-2.compute.amazonaws.com	-	Medium
62	3.134.39.220	ec2-3-134-39-220.us-east-2.compute.amazonaws.com	-	Medium
63	3.134.125.175	ec2-3-134-125-175.us-east-2.compute.amazonaws.com	-	Medium
64	3.136.65.236	ec2-3-136-65-236.us-east-2.compute.amazonaws.com	-	Medium
65	3.138.45.170	ec2-3-138-45-170.us-east-2.compute.amazonaws.com	-	Medium
66	3.138.180.119	ec2-3-138-180-119.us-east-2.compute.amazonaws.com	-	Medium
67	3.140.223.7	ec2-3-140-223-7.us-east-2.compute.amazonaws.com	-	Medium
68	3.141.126.222	ec2-3-141-126-222.us-east-2.compute.amazonaws.com	-	Medium
69	3.141.142.211	ec2-3-141-142-211.us-east-2.compute.amazonaws.com	-	Medium
70	3.141.177.1	ec2-3-141-177-1.us-east-2.compute.amazonaws.com	-	Medium
71	3.141.204.47	ec2-3-141-204-47.us-east-2.compute.amazonaws.com	-	Medium
72	3.141.210.37	ec2-3-141-210-37.us-east-2.compute.amazonaws.com	-	Medium
73	3.142.71.14	ec2-3-142-71-14.us-east-2.compute.amazonaws.com	-	Medium
74	3.142.81.166	ec2-3-142-81-166.us-east-2.compute.amazonaws.com	-	Medium
75	3.142.129.56	ec2-3-142-129-56.us-east-2.compute.amazonaws.com	-	Medium
76	3.142.157.76	ec2-3-142-157-76.us-east-2.compute.amazonaws.com	-	Medium
77	3.142.167.4	ec2-3-142-167-4.us-east-2.compute.amazonaws.com	-	Medium
78	3.142.167.54	ec2-3-142-167-54.us-east-2.compute.amazonaws.com	-	Medium
79	3.144.124.4	ec2-3-144-124-4.us-east-2.compute.amazonaws.com	-	Medium
80	3.219.34.39	ec2-3-219-34-39.compute-1.amazonaws.com	-	Medium
81	4.227.145.160	-	-	High
82	4.240.60.121	-	-	High
83	5.1.49.49	-	-	High
84	5.9.226.161	srv.segec.pt	-	High
85	5.34.183.64	-	-	High
86	5.43.242.29	-	-	High
87	5.58.29.129	host-5-58-29-129.bitternet.ua	-	High
88	5.61.49.169	-	-	High
89	5.78.41.13	static.13.41.78.5.clients.your-server.de	-	High
90	5.101.21.20	-	-	High
91	5.101.151.106	5-101-151-106.as42831.net	-	High
92	5.139.0.154	dsl-5-139-0-154.avtlg.ru	-	High
93	5.139.2.168	dsl-5-139-2-168.avtlg.ru	-	High
94	5.139.79.157	157.79.139.5.donpac.ru	-	High
95	5.140.245.28	-	-	High
96	5.165.69.147	5x165x69x147.dynamic.voronezh.ertelecom.ru	-	High
97	5.166.175.27	5x166x175x27.dynamic.perm.ertelecom.ru	-	High
98	5.189.227.145	workmailbest.ru	-	High
99	5.197.225.140	host-5.197.225.140.katv1.net	-	High
100	5.227.248.32	-	-	High
101	5.249.160.56	rs-zap981725-1.zap-srv.com	-	High
102	5.252.23.20	vm597956.stark-industries.solutions	-	High
103	5.254.106.214	-	-	High
104	8.202.167.202	-	-	High
105	8.208.27.218	-	-	High
106	13.37.224.132	ec2-13-37-224-132.eu-west-3.compute.amazonaws.com	-	Medium
107	13.58.157.220	ec2-13-58-157-220.us-east-2.compute.amazonaws.com	-	Medium
108	13.59.15.185	ec2-13-59-15-185.us-east-2.compute.amazonaws.com	-	Medium
109	13.77.222.211	-	-	High
110	13.92.214.100	-	-	High
111	13.107.21.200	-	-	High
112	13.229.3.203	ec2-13-229-3-203.ap-southeast-1.compute.amazonaws.com	-	Medium
113	14.46.160.76	-	-	High
114	15.223.46.207	ec2-15-223-46-207.ca-central-1.compute.amazonaws.com	-	Medium
115	15.235.53.10	ns5012329.ip-15-235-53.net	-	High
116	18.136.148.247	ec2-18-136-148-247.ap-southeast-1.compute.amazonaws.com	-	Medium
117	18.139.9.214	ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com	-	Medium
118	18.141.129.246	ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com	-	Medium
119	18.156.13.209	ec2-18-156-13-209.eu-central-1.compute.amazonaws.com	-	Medium
120	18.157.68.73	ec2-18-157-68-73.eu-central-1.compute.amazonaws.com	-	Medium
121	18.158.58.205	ec2-18-158-58-205.eu-central-1.compute.amazonaws.com	-	Medium
122	18.158.249.75	ec2-18-158-249-75.eu-central-1.compute.amazonaws.com	-	Medium
123	18.176.183.3	ec2-18-176-183-3.ap-northeast-1.compute.amazonaws.com	-	Medium
124	18.177.53.48	ec2-18-177-53-48.ap-northeast-1.compute.amazonaws.com	-	Medium
125	18.177.60.68	ec2-18-177-60-68.ap-northeast-1.compute.amazonaws.com	-	Medium
126	18.177.76.42	ec2-18-177-76-42.ap-northeast-1.compute.amazonaws.com	-	Medium
127	18.189.106.45	ec2-18-189-106-45.us-east-2.compute.amazonaws.com	-	Medium
128	18.192.31.165	ec2-18-192-31-165.eu-central-1.compute.amazonaws.com	-	Medium
129	18.192.93.86	ec2-18-192-93-86.eu-central-1.compute.amazonaws.com	-	Medium
130	18.196.192.39	ec2-18-196-192-39.eu-central-1.compute.amazonaws.com	-	Medium
131	18.197.239.5	ec2-18-197-239-5.eu-central-1.compute.amazonaws.com	-	Medium
132	18.197.239.109	ec2-18-197-239-109.eu-central-1.compute.amazonaws.com	-	Medium
133	18.198.77.177	ec2-18-198-77-177.eu-central-1.compute.amazonaws.com	-	Medium
134	18.228.115.60	ec2-18-228-115-60.sa-east-1.compute.amazonaws.com	-	Medium
135	18.229.146.63	ec2-18-229-146-63.sa-east-1.compute.amazonaws.com	-	Medium
136	18.229.248.167	ec2-18-229-248-167.sa-east-1.compute.amazonaws.com	-	Medium
137	18.231.93.153	ec2-18-231-93-153.sa-east-1.compute.amazonaws.com	-	Medium
138	20.7.14.99	-	-	High
139	20.38.13.152	-	-	High
140	20.39.226.157	-	-	High
141	20.52.0.223	-	-	High
142	20.55.68.184	-	-	High
143	20.62.174.59	-	-	High
144	20.77.246.121	-	-	High
145	20.79.249.125	-	-	High
146	20.89.209.24	-	-	High
147	20.94.209.182	-	-	High
148	20.106.232.4	-	-	High
149	20.111.25.126	-	-	High
150	20.113.57.84	-	-	High
151	20.117.121.229	-	-	High
152	20.185.47.68	-	-	High
153	20.194.35.6	-	-	High
154	20.197.224.91	-	-	High
155	20.197.231.178	-	-	High
156	20.199.40.163	-	-	High
157	20.201.116.50	-	-	High
158	20.206.75.74	-	-	High
159	20.212.176.142	-	-	High
160	20.218.135.231	-	-	High
161	20.223.155.39	-	-	High
162	20.226.20.223	-	-	High
163	20.226.89.14	-	-	High
164	20.231.55.108	-	-	High
165	20.234.71.164	-	-	High
166	23.3.13.88	a23-3-13-88.deploy.static.akamaitechnologies.com	-	High
167	23.3.13.154	a23-3-13-154.deploy.static.akamaitechnologies.com	-	High
168	23.94.171.142	23-94-171-142-host.colocrossing.com	-	High
169	23.94.188.213	23-94-188-213-host.colocrossing.com	-	High
170	23.95.24.218	23-95-24-218-host.colocrossing.com	-	High
171	23.95.132.55	23-95-132-55-host.colocrossing.com	-	High
172	23.97.97.57	-	-	High
173	23.105.131.151	mail151.nessfist.com	-	High
174	23.105.131.196	mail196.nessfist.com	-	High
175	23.105.131.197	mail197.nessfist.com	-	High
176	23.105.131.200	mail200.nessfist.com	-	High
177	23.105.131.206	mail206.nessfist.com	-	High
178	23.105.131.209	mail209.nessfist.com	-	High
179	23.105.131.228	mail228.nessfist.com	-	High
180	23.226.130.229	23.226.130.229.static.greencloudvps.com	-	High
181	23.227.202.157	23-227-202-157.static.hvvc.us	-	High
182	23.237.25.12	-	-	High
183	23.237.25.120	-	-	High
184	23.237.25.124	-	-	High
185	23.237.25.129	-	-	High
186	23.237.25.161	-	-	High
187	23.237.25.168	-	-	High
188	23.237.25.190	-	-	High
189	24.3.246.227	c-24-3-246-227.hsd1.pa.comcast.net	-	High
190	24.6.141.96	-	-	High
191	24.152.39.233	24-152-39-233.masterdaweb.com	-	High
192	24.232.147.72	OL72-147.fibertel.com.ar	-	High
193	25.22.247.130	-	-	High
194	25.40.63.164	-	-	High
195	25.40.195.41	-	-	High
196	25.42.192.202	-	-	High
197	25.44.232.139	-	-	High
198	25.45.164.207	-	-	High
199	25.49.186.13	-	-	High
200	25.64.3.15	-	-	High
201	25.75.145.231	-	-	High
202	25.78.235.40	-	-	High
203	25.92.22.16	-	-	High
204	25.93.215.70	-	-	High
205	25.103.24.11	-	-	High
206	25.122.86.215	-	-	High
207	26.17.19.114	-	-	High
208	26.58.220.94	-	-	High
209	26.63.188.232	-	-	High
210	26.226.34.147	-	-	High
211	27.115.99.126	-	-	High
212	27.147.169.101	169.101.cetus.link3.net	-	High
213	31.9.48.141	-	-	High
214	31.9.48.164	-	-	High
215	31.10.120.162	-	-	High
216	31.13.66.19	xx-fbcdn-shv-01-iad3.fbcdn.net	-	High
217	31.23.184.107	107.184.23.31.donpac.ru	-	High
218	31.28.240.86	host-86-240-28-31.sevstar.net	-	High
219	31.29.196.62	-	-	High
220	31.41.97.168	31.41.97.168.base-net.ru	-	High
221	31.129.65.105	ip-31-65-105.dnepro.net	-	High
222	31.132.34.68	-	-	High
223	31.132.176.189	31-132-176-189.bks-tv.ru	-	High
224	31.132.178.127	31-132-178-127.bks-tv.ru	-	High
225	31.132.179.73	31-132-179-73.bks-tv.ru	-	High
226	31.148.177.38	-	-	High
227	31.202.217.240	31-202-217-240-kh.maxnet.ua	-	High
228	31.207.237.252	pool-31-207-237-252.is74.ru	-	High
229	34.68.118.32	32.118.68.34.bc.googleusercontent.com	-	Medium
230	34.77.105.34	34.105.77.34.bc.googleusercontent.com	-	Medium
231	34.89.221.19	19.221.89.34.bc.googleusercontent.com	-	Medium
232	34.125.123.200	200.123.125.34.bc.googleusercontent.com	-	Medium
233	34.176.64.245	245.64.176.34.bc.googleusercontent.com	-	Medium
234	35.157.111.131	ec2-35-157-111-131.eu-central-1.compute.amazonaws.com	-	Medium
235	35.158.159.254	ec2-35-158-159-254.eu-central-1.compute.amazonaws.com	-	Medium
236	35.193.121.248	248.121.193.35.bc.googleusercontent.com	-	Medium
237	35.226.2.6	6.2.226.35.bc.googleusercontent.com	-	Medium
238	35.237.4.214	crawl-35-237-4-214.ptr.discord.com	-	High
239	35.239.113.16	16.113.239.35.bc.googleusercontent.com	-	Medium
240	37.0.14.215	-	-	High
241	37.1.207.27	-	-	High
242	37.1.208.100	-	-	High
243	37.1.215.39	-	-	High
244	37.1.217.131	vps2.wo.tn	-	High
245	37.1.222.208	free.ispiria.net	-	High
246	37.8.22.24	-	-	High
247	37.21.79.250	-	-	High
248	37.23.233.32	37.23.233-32.xdsl.ab.ru	-	High
249	37.29.40.140	-	-	High
250	37.38.244.230	-	-	High
251	37.46.117.90	bg-sof.as51430.net	-	High
252	37.48.74.101	-	-	High
253	37.48.81.42	mail.ad-stars.com	-	High
254	37.59.250.182	-	-	High
255	37.78.180.49	-	-	High
256	37.79.11.117	-	-	High
257	37.107.184.236	-	-	High
258	37.120.141.158	-	-	High
259	37.120.159.237	-	-	High
260	37.120.215.248	-	-	High
261	37.144.68.25	37-144-68-25.broadband.corbina.ru	-	High
262	37.145.148.238	37-145-148-238.broadband.corbina.ru	-	High
263	37.147.77.87	37-147-77-87.broadband.corbina.ru	-	High
264	37.147.137.225	37-147-137-225.broadband.corbina.ru	-	High
265	37.192.18.134	l37-192-18-134.novotelecom.ru	-	High
266	37.193.85.99	l37-193-85-99.novotelecom.ru	-	High
267	37.209.239.84	-	-	High
268	37.230.130.14	-	-	High
269	37.230.130.89	-	-	High
270	37.235.48.20	20.48.235.37.in-addr.arpa	-	High
271	37.236.162.9	-	-	High
272	37.252.7.150	-	-	High
273	37.252.11.171	-	-	High
274	38.89.142.205	-	-	High
275	39.115.121.241	-	-	High
276	40.80.147.203	-	-	High
277	41.36.255.72	host-41.36.255.72.tedata.net	-	High
278	41.42.68.235	host-41.42.68.235.tedata.net	-	High
279	41.43.207.74	host-41.43.207.74.tedata.net	-	High
280	41.44.79.212	host-41.44.79.212.tedata.net	-	High
281	41.44.233.236	host-41.44.233.236.tedata.net	-	High
282	41.47.35.252	host-41.47.35.252.tedata.net	-	High
283	41.68.165.218	-	-	High
284	41.97.3.243	-	-	High
285	41.97.121.174	-	-	High
286	41.97.223.104	-	-	High
287	41.97.242.171	-	-	High
288	41.98.30.114	-	-	High
289	41.99.178.129	-	-	High
290	41.102.0.15	-	-	High
291	41.102.39.1	-	-	High
292	41.102.190.225	-	-	High
293	41.103.11.65	-	-	High
294	41.103.17.182	-	-	High
295	41.103.29.232	-	-	High
296	41.103.60.237	-	-	High
297	41.103.172.79	-	-	High
298	41.103.178.158	-	-	High
299	41.103.180.209	-	-	High
300	41.104.37.66	-	-	High
301	41.104.212.15	-	-	High
302	41.105.208.43	-	-	High
303	41.107.120.88	-	-	High
304	41.108.115.221	-	-	High
305	41.108.181.141	-	-	High
306	41.108.184.148	-	-	High
307	41.108.217.244	-	-	High
308	41.109.68.239	-	-	High
309	41.109.74.58	-	-	High
310	41.109.90.34	-	-	High
311	41.109.224.182	-	-	High
312	41.109.251.66	-	-	High
313	41.141.118.138	-	-	High
314	41.200.44.39	-	-	High
315	41.200.126.237	-	-	High
316	41.200.143.212	-	-	High
317	41.200.209.143	-	-	High
318	41.226.95.248	-	-	High
319	41.227.188.49	-	-	High
320	41.230.155.2	-	-	High
321	41.233.42.161	host-41.233.42.161.tedata.net	-	High
322	41.233.172.236	host-41.233.172.236.tedata.net	-	High
323	41.234.63.80	host-41.234.63.80.tedata.net	-	High
324	41.234.224.29	host-41.234.224.29.tedata.net	-	High
325	41.235.176.195	host-41.235.176.195.tedata.net	-	High
326	41.237.168.1	host-41.237.168.1.tedata.net	-	High
327	41.237.177.231	host-41.237.177.231.tedata.net	-	High
328	41.238.101.232	host-41.238.101.232.tedata.net	-	High
329	41.248.145.45	-	-	High
330	41.250.151.242	-	-	High
331	43.229.151.64	-	-	High
332	43.229.151.135	-	-	High
333	43.229.151.171	-	-	High
334	43.229.151.191	-	-	High
335	43.245.199.210	-	-	High
336	43.254.134.157	-	-	High
337	43.255.241.81	43-255-241-81.static.bestidc.net	-	High
338	45.10.88.108	45.10.88.108.cl.darnytsia.net	-	High
339	45.32.108.159	45.32.108.159.vultrusercontent.com	-	High
340	45.32.159.208	45.32.159.208.vultrusercontent.com	-	High
341	...	...	...	...

There are 1362 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by NjRAT. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Weakness	Description	Confidence
1	T1006	CWE-21, CWE-22, CWE-23, CWE-25, CWE-29	Pathname Traversal	High
2	T1040	CWE-294, CWE-319	Authentication Bypass by Capture-replay	High
3	T1055	CWE-74	Injection	High
4	T1059	CWE-88, CWE-94, CWE-1321	Cross Site Scripting	High
5	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
6	T1068	CWE-250, CWE-264, CWE-267, CWE-269, CWE-284	J2EE Misconfiguration: Weak Access Permissions for EJB Methods	High
7	...	...	...	...

There are 22 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by NjRAT. This data is unique as it uses our predictive model for actor profiling.

ID	Type	Indicator	Confidence
1	File	`%SYSTEMDRIVE%\node_modules\.bin\wmic.exe`	High
2	File	`/admin/`	Low
3	File	`/admin/general.cgi`	High
4	File	`/admin/pages/subjects.php`	High
5	File	`/api/admin/system/store/order/list`	High
6	File	`/b2b-supermarket/shopping-cart`	High
7	File	`/bookstore/bookPerPub.php`	High
8	File	`/change-language/de_DE`	High
9	File	`/debug/pprof`	Medium
10	File	`/devinfo`	Medium
11	File	`/dist/index.js`	High
12	File	`/edit/server`	Medium
13	File	`/forum/away.php`	High
14	File	`/goform/formSysCmd`	High
15	File	`/hosts/firewall/ip`	High
16	File	`/icehrm/app/fileupload_page.php`	High
17	File	`/index.php`	Medium
18	File	`/index.php/ccm/system/file/upload`	High
19	File	`/log/decodmail.php`	High
20	File	`/nagiosxi/admin/banner_message-ajaxhelper.php`	High
21	File	`/novel/bookSetting/list`	High
22	File	`/oauth/idp/.well-known/openid-configuration`	High
23	File	`/owa/auth/logon.aspx`	High
24	File	`/php/ping.php`	High
25	File	`/s/index.php?action=statistics`	High
26	File	`/spip.php`	Medium
27	File	`/system/role/list`	High
28	File	`/TMS/admin/setting/mail/createorupdate`	High
29	File	`/upload/ueditorConfig?action=config`	High
30	File	`/user/index/findpass?do=4`	High
31	File	`/useratte/userattestation.php`	High
32	File	`/view-pass-detail.php`	High
33	...	...	...

There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence: