NjRAT - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as NjRAT. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.njrat
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NjRAT:
There are 20 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of NjRAT.
There are 1362 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by NjRAT. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High |
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
3 | T1055 | CWE-74 | Injection | High |
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
6 | T1068 | CWE-250, CWE-264, CWE-267, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High |
7 | ... | ... | ... | ... |
There are 22 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by NjRAT. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence |
---|---|---|---|
1 | File | %SYSTEMDRIVE%\node_modules\.bin\wmic.exe | High |
2 | File | /admin/ | Low |
3 | File | /admin/general.cgi | High |
4 | File | /admin/pages/subjects.php | High |
5 | File | /api/admin/system/store/order/list | High |
6 | File | /b2b-supermarket/shopping-cart | High |
7 | File | /bookstore/bookPerPub.php | High |
8 | File | /change-language/de_DE | High |
9 | File | /debug/pprof | Medium |
10 | File | /devinfo | Medium |
11 | File | /dist/index.js | High |
12 | File | /edit/server | Medium |
13 | File | /forum/away.php | High |
14 | File | /goform/formSysCmd | High |
15 | File | /hosts/firewall/ip | High |
16 | File | /icehrm/app/fileupload_page.php | High |
17 | File | /index.php | Medium |
18 | File | /index.php/ccm/system/file/upload | High |
19 | File | /log/decodmail.php | High |
20 | File | /nagiosxi/admin/banner_message-ajaxhelper.php | High |
21 | File | /novel/bookSetting/list | High |
22 | File | /oauth/idp/.well-known/openid-configuration | High |
23 | File | /owa/auth/logon.aspx | High |
24 | File | /php/ping.php | High |
25 | File | /s/index.php?action=statistics | High |
26 | File | /spip.php | Medium |
27 | File | /system/role/list | High |
28 | File | /TMS/admin/setting/mail/createorupdate | High |
29 | File | /upload/ueditorConfig?action=config | High |
30 | File | /user/index/findpass?do=4 | High |
31 | File | /useratte/userattestation.php | High |
32 | File | /view-pass-detail.php | High |
33 | ... | ... | ... |
There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!