mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-03 08:58:21 +00:00
342 lines
27 KiB
Markdown
# NjRAT - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor tracked as [NjRAT](https://vuldb.com/?actor.njrat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets and is used to identify associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. A _predictive model_ built on this data forecasts further activity and its characteristics; the sections below state which of their entries come from the model rather than from direct observation.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.njrat](https://vuldb.com/?actor.njrat)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NjRAT. The attribution is derived from the network indicators listed further down, so for addresses in cloud or ISP pools it reflects where the infrastructure is hosted rather than where the operator sits:
* [ES](https://vuldb.com/?country.es)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 23 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) are network resources known to be part of the research and attack activities of NjRAT. The _Confidence_ column is VulDB's own rating. Note that most _Medium_ entries are cloud compute addresses (EC2 and Google Cloud reverse DNS) which are recycled between tenants, and that several _High_ entries resolve to shared CDN edges (e.g. `akamaitechnologies.com`, `fbcdn.net`) that are more likely background traffic from a sample's execution than attacker-controlled infrastructure. Check a hit against the time the indicator was reported and against a second signal before blocking, rather than loading the list as a flat blocklist.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.234.37.232](https://vuldb.com/?ip.1.234.37.232) | - | - | High
2 | [2.57.90.16](https://vuldb.com/?ip.2.57.90.16) | - | - | High
3 | [2.58.149.171](https://vuldb.com/?ip.2.58.149.171) | - | - | High
4 | [2.91.138.211](https://vuldb.com/?ip.2.91.138.211) | - | - | High
5 | [2.207.101.83](https://vuldb.com/?ip.2.207.101.83) | dslb-002-207-101-083.002.207.pools.vodafone-ip.de | - | High
6 | [2.224.144.191](https://vuldb.com/?ip.2.224.144.191) | 2-224-144-191.ip170.fastwebnet.it | - | High
7 | [3.6.30.85](https://vuldb.com/?ip.3.6.30.85) | ec2-3-6-30-85.ap-south-1.compute.amazonaws.com | - | Medium
8 | [3.6.98.232](https://vuldb.com/?ip.3.6.98.232) | ec2-3-6-98-232.ap-south-1.compute.amazonaws.com | - | Medium
9 | [3.6.115.64](https://vuldb.com/?ip.3.6.115.64) | ec2-3-6-115-64.ap-south-1.compute.amazonaws.com | - | Medium
10 | [3.6.115.182](https://vuldb.com/?ip.3.6.115.182) | ec2-3-6-115-182.ap-south-1.compute.amazonaws.com | - | Medium
11 | [3.6.122.107](https://vuldb.com/?ip.3.6.122.107) | ec2-3-6-122-107.ap-south-1.compute.amazonaws.com | - | Medium
12 | [3.13.191.225](https://vuldb.com/?ip.3.13.191.225) | ec2-3-13-191-225.us-east-2.compute.amazonaws.com | - | Medium
13 | [3.14.182.203](https://vuldb.com/?ip.3.14.182.203) | ec2-3-14-182-203.us-east-2.compute.amazonaws.com | - | Medium
14 | [3.16.105.95](https://vuldb.com/?ip.3.16.105.95) | ec2-3-16-105-95.us-east-2.compute.amazonaws.com | - | Medium
15 | [3.17.7.232](https://vuldb.com/?ip.3.17.7.232) | ec2-3-17-7-232.us-east-2.compute.amazonaws.com | - | Medium
16 | [3.17.202.129](https://vuldb.com/?ip.3.17.202.129) | ec2-3-17-202-129.us-east-2.compute.amazonaws.com | - | Medium
17 | [3.19.114.185](https://vuldb.com/?ip.3.19.114.185) | ec2-3-19-114-185.us-east-2.compute.amazonaws.com | - | Medium
18 | [3.19.130.43](https://vuldb.com/?ip.3.19.130.43) | ec2-3-19-130-43.us-east-2.compute.amazonaws.com | - | Medium
19 | [3.22.15.135](https://vuldb.com/?ip.3.22.15.135) | ec2-3-22-15-135.us-east-2.compute.amazonaws.com | - | Medium
20 | [3.22.30.40](https://vuldb.com/?ip.3.22.30.40) | ec2-3-22-30-40.us-east-2.compute.amazonaws.com | - | Medium
21 | [3.22.53.161](https://vuldb.com/?ip.3.22.53.161) | ec2-3-22-53-161.us-east-2.compute.amazonaws.com | - | Medium
22 | [3.64.4.198](https://vuldb.com/?ip.3.64.4.198) | ec2-3-64-4-198.eu-central-1.compute.amazonaws.com | - | Medium
23 | [3.66.38.117](https://vuldb.com/?ip.3.66.38.117) | ec2-3-66-38-117.eu-central-1.compute.amazonaws.com | - | Medium
24 | [3.67.15.169](https://vuldb.com/?ip.3.67.15.169) | ec2-3-67-15-169.eu-central-1.compute.amazonaws.com | - | Medium
25 | [3.67.62.142](https://vuldb.com/?ip.3.67.62.142) | ec2-3-67-62-142.eu-central-1.compute.amazonaws.com | - | Medium
26 | [3.67.112.102](https://vuldb.com/?ip.3.67.112.102) | ec2-3-67-112-102.eu-central-1.compute.amazonaws.com | - | Medium
27 | [3.67.161.133](https://vuldb.com/?ip.3.67.161.133) | ec2-3-67-161-133.eu-central-1.compute.amazonaws.com | - | Medium
28 | [3.68.56.232](https://vuldb.com/?ip.3.68.56.232) | ec2-3-68-56-232.eu-central-1.compute.amazonaws.com | - | Medium
29 | [3.68.171.119](https://vuldb.com/?ip.3.68.171.119) | ec2-3-68-171-119.eu-central-1.compute.amazonaws.com | - | Medium
30 | [3.69.115.178](https://vuldb.com/?ip.3.69.115.178) | ec2-3-69-115-178.eu-central-1.compute.amazonaws.com | - | Medium
31 | [3.69.157.220](https://vuldb.com/?ip.3.69.157.220) | ec2-3-69-157-220.eu-central-1.compute.amazonaws.com | - | Medium
32 | [3.121.139.82](https://vuldb.com/?ip.3.121.139.82) | ec2-3-121-139-82.eu-central-1.compute.amazonaws.com | - | Medium
33 | [3.124.67.191](https://vuldb.com/?ip.3.124.67.191) | ec2-3-124-67-191.eu-central-1.compute.amazonaws.com | - | Medium
34 | [3.124.142.205](https://vuldb.com/?ip.3.124.142.205) | ec2-3-124-142-205.eu-central-1.compute.amazonaws.com | - | Medium
35 | [3.125.102.39](https://vuldb.com/?ip.3.125.102.39) | ec2-3-125-102-39.eu-central-1.compute.amazonaws.com | - | Medium
36 | [3.125.188.168](https://vuldb.com/?ip.3.125.188.168) | ec2-3-125-188-168.eu-central-1.compute.amazonaws.com | - | Medium
37 | [3.125.209.94](https://vuldb.com/?ip.3.125.209.94) | ec2-3-125-209-94.eu-central-1.compute.amazonaws.com | - | Medium
38 | [3.125.223.134](https://vuldb.com/?ip.3.125.223.134) | ec2-3-125-223-134.eu-central-1.compute.amazonaws.com | - | Medium
39 | [3.126.37.18](https://vuldb.com/?ip.3.126.37.18) | ec2-3-126-37-18.eu-central-1.compute.amazonaws.com | - | Medium
40 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
41 | [3.127.59.75](https://vuldb.com/?ip.3.127.59.75) | ec2-3-127-59-75.eu-central-1.compute.amazonaws.com | - | Medium
42 | [3.127.138.57](https://vuldb.com/?ip.3.127.138.57) | ec2-3-127-138-57.eu-central-1.compute.amazonaws.com | - | Medium
43 | [3.127.181.115](https://vuldb.com/?ip.3.127.181.115) | ec2-3-127-181-115.eu-central-1.compute.amazonaws.com | - | Medium
44 | [3.127.253.86](https://vuldb.com/?ip.3.127.253.86) | ec2-3-127-253-86.eu-central-1.compute.amazonaws.com | - | Medium
45 | [3.128.107.74](https://vuldb.com/?ip.3.128.107.74) | ec2-3-128-107-74.us-east-2.compute.amazonaws.com | - | Medium
46 | [3.129.187.220](https://vuldb.com/?ip.3.129.187.220) | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | - | Medium
47 | [3.131.147.49](https://vuldb.com/?ip.3.131.147.49) | ec2-3-131-147-49.us-east-2.compute.amazonaws.com | - | Medium
48 | [3.131.207.170](https://vuldb.com/?ip.3.131.207.170) | ec2-3-131-207-170.us-east-2.compute.amazonaws.com | - | Medium
49 | [3.132.159.158](https://vuldb.com/?ip.3.132.159.158) | ec2-3-132-159-158.us-east-2.compute.amazonaws.com | - | Medium
50 | [3.133.207.110](https://vuldb.com/?ip.3.133.207.110) | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | - | Medium
51 | [3.134.39.220](https://vuldb.com/?ip.3.134.39.220) | ec2-3-134-39-220.us-east-2.compute.amazonaws.com | - | Medium
52 | [3.134.125.175](https://vuldb.com/?ip.3.134.125.175) | ec2-3-134-125-175.us-east-2.compute.amazonaws.com | - | Medium
53 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
54 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
55 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
56 | [3.140.223.7](https://vuldb.com/?ip.3.140.223.7) | ec2-3-140-223-7.us-east-2.compute.amazonaws.com | - | Medium
57 | [3.141.126.222](https://vuldb.com/?ip.3.141.126.222) | ec2-3-141-126-222.us-east-2.compute.amazonaws.com | - | Medium
58 | [3.141.142.211](https://vuldb.com/?ip.3.141.142.211) | ec2-3-141-142-211.us-east-2.compute.amazonaws.com | - | Medium
59 | [3.141.177.1](https://vuldb.com/?ip.3.141.177.1) | ec2-3-141-177-1.us-east-2.compute.amazonaws.com | - | Medium
60 | [3.141.204.47](https://vuldb.com/?ip.3.141.204.47) | ec2-3-141-204-47.us-east-2.compute.amazonaws.com | - | Medium
61 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
62 | [3.142.71.14](https://vuldb.com/?ip.3.142.71.14) | ec2-3-142-71-14.us-east-2.compute.amazonaws.com | - | Medium
63 | [3.142.81.166](https://vuldb.com/?ip.3.142.81.166) | ec2-3-142-81-166.us-east-2.compute.amazonaws.com | - | Medium
64 | [3.142.129.56](https://vuldb.com/?ip.3.142.129.56) | ec2-3-142-129-56.us-east-2.compute.amazonaws.com | - | Medium
65 | [3.142.157.76](https://vuldb.com/?ip.3.142.157.76) | ec2-3-142-157-76.us-east-2.compute.amazonaws.com | - | Medium
66 | [3.142.167.4](https://vuldb.com/?ip.3.142.167.4) | ec2-3-142-167-4.us-east-2.compute.amazonaws.com | - | Medium
67 | [3.142.167.54](https://vuldb.com/?ip.3.142.167.54) | ec2-3-142-167-54.us-east-2.compute.amazonaws.com | - | Medium
68 | [4.227.145.160](https://vuldb.com/?ip.4.227.145.160) | - | - | High
69 | [5.9.226.161](https://vuldb.com/?ip.5.9.226.161) | srv.segec.pt | - | High
70 | [5.61.49.169](https://vuldb.com/?ip.5.61.49.169) | - | - | High
71 | [5.165.69.147](https://vuldb.com/?ip.5.165.69.147) | 5x165x69x147.dynamic.voronezh.ertelecom.ru | - | High
72 | [5.166.175.27](https://vuldb.com/?ip.5.166.175.27) | 5x166x175x27.dynamic.perm.ertelecom.ru | - | High
73 | [5.227.248.32](https://vuldb.com/?ip.5.227.248.32) | - | - | High
74 | [5.249.160.56](https://vuldb.com/?ip.5.249.160.56) | rs-zap981725-1.zap-srv.com | - | High
75 | [5.252.23.20](https://vuldb.com/?ip.5.252.23.20) | vm597956.stark-industries.solutions | - | High
76 | [8.208.27.218](https://vuldb.com/?ip.8.208.27.218) | - | - | High
77 | [13.37.224.132](https://vuldb.com/?ip.13.37.224.132) | ec2-13-37-224-132.eu-west-3.compute.amazonaws.com | - | Medium
78 | [13.58.157.220](https://vuldb.com/?ip.13.58.157.220) | ec2-13-58-157-220.us-east-2.compute.amazonaws.com | - | Medium
79 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
80 | [13.77.222.211](https://vuldb.com/?ip.13.77.222.211) | - | - | High
81 | [13.92.214.100](https://vuldb.com/?ip.13.92.214.100) | - | - | High
82 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
83 | [13.229.3.203](https://vuldb.com/?ip.13.229.3.203) | ec2-13-229-3-203.ap-southeast-1.compute.amazonaws.com | - | Medium
84 | [15.223.46.207](https://vuldb.com/?ip.15.223.46.207) | ec2-15-223-46-207.ca-central-1.compute.amazonaws.com | - | Medium
85 | [15.235.53.10](https://vuldb.com/?ip.15.235.53.10) | ns5012329.ip-15-235-53.net | - | High
86 | [18.136.148.247](https://vuldb.com/?ip.18.136.148.247) | ec2-18-136-148-247.ap-southeast-1.compute.amazonaws.com | - | Medium
87 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
88 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
89 | [18.156.13.209](https://vuldb.com/?ip.18.156.13.209) | ec2-18-156-13-209.eu-central-1.compute.amazonaws.com | - | Medium
90 | [18.157.68.73](https://vuldb.com/?ip.18.157.68.73) | ec2-18-157-68-73.eu-central-1.compute.amazonaws.com | - | Medium
91 | [18.158.58.205](https://vuldb.com/?ip.18.158.58.205) | ec2-18-158-58-205.eu-central-1.compute.amazonaws.com | - | Medium
92 | [18.158.249.75](https://vuldb.com/?ip.18.158.249.75) | ec2-18-158-249-75.eu-central-1.compute.amazonaws.com | - | Medium
93 | [18.176.183.3](https://vuldb.com/?ip.18.176.183.3) | ec2-18-176-183-3.ap-northeast-1.compute.amazonaws.com | - | Medium
94 | [18.177.53.48](https://vuldb.com/?ip.18.177.53.48) | ec2-18-177-53-48.ap-northeast-1.compute.amazonaws.com | - | Medium
95 | [18.177.60.68](https://vuldb.com/?ip.18.177.60.68) | ec2-18-177-60-68.ap-northeast-1.compute.amazonaws.com | - | Medium
96 | [18.177.76.42](https://vuldb.com/?ip.18.177.76.42) | ec2-18-177-76-42.ap-northeast-1.compute.amazonaws.com | - | Medium
97 | [18.189.106.45](https://vuldb.com/?ip.18.189.106.45) | ec2-18-189-106-45.us-east-2.compute.amazonaws.com | - | Medium
98 | [18.192.31.165](https://vuldb.com/?ip.18.192.31.165) | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | - | Medium
99 | [18.192.93.86](https://vuldb.com/?ip.18.192.93.86) | ec2-18-192-93-86.eu-central-1.compute.amazonaws.com | - | Medium
100 | [18.196.192.39](https://vuldb.com/?ip.18.196.192.39) | ec2-18-196-192-39.eu-central-1.compute.amazonaws.com | - | Medium
101 | [18.197.239.5](https://vuldb.com/?ip.18.197.239.5) | ec2-18-197-239-5.eu-central-1.compute.amazonaws.com | - | Medium
102 | [18.197.239.109](https://vuldb.com/?ip.18.197.239.109) | ec2-18-197-239-109.eu-central-1.compute.amazonaws.com | - | Medium
103 | [18.198.77.177](https://vuldb.com/?ip.18.198.77.177) | ec2-18-198-77-177.eu-central-1.compute.amazonaws.com | - | Medium
104 | [18.228.115.60](https://vuldb.com/?ip.18.228.115.60) | ec2-18-228-115-60.sa-east-1.compute.amazonaws.com | - | Medium
105 | [18.229.146.63](https://vuldb.com/?ip.18.229.146.63) | ec2-18-229-146-63.sa-east-1.compute.amazonaws.com | - | Medium
106 | [18.229.248.167](https://vuldb.com/?ip.18.229.248.167) | ec2-18-229-248-167.sa-east-1.compute.amazonaws.com | - | Medium
107 | [18.231.93.153](https://vuldb.com/?ip.18.231.93.153) | ec2-18-231-93-153.sa-east-1.compute.amazonaws.com | - | Medium
108 | [20.7.14.99](https://vuldb.com/?ip.20.7.14.99) | - | - | High
109 | [20.39.226.157](https://vuldb.com/?ip.20.39.226.157) | - | - | High
110 | [20.52.0.223](https://vuldb.com/?ip.20.52.0.223) | - | - | High
111 | [20.62.174.59](https://vuldb.com/?ip.20.62.174.59) | - | - | High
112 | [20.77.246.121](https://vuldb.com/?ip.20.77.246.121) | - | - | High
113 | [20.79.249.125](https://vuldb.com/?ip.20.79.249.125) | - | - | High
114 | [20.111.25.126](https://vuldb.com/?ip.20.111.25.126) | - | - | High
115 | [20.117.121.229](https://vuldb.com/?ip.20.117.121.229) | - | - | High
116 | [20.185.47.68](https://vuldb.com/?ip.20.185.47.68) | - | - | High
117 | [20.194.35.6](https://vuldb.com/?ip.20.194.35.6) | - | - | High
118 | [20.206.75.74](https://vuldb.com/?ip.20.206.75.74) | - | - | High
119 | [20.212.176.142](https://vuldb.com/?ip.20.212.176.142) | - | - | High
120 | [20.218.135.231](https://vuldb.com/?ip.20.218.135.231) | - | - | High
121 | [20.223.155.39](https://vuldb.com/?ip.20.223.155.39) | - | - | High
122 | [20.226.20.223](https://vuldb.com/?ip.20.226.20.223) | - | - | High
123 | [20.226.89.14](https://vuldb.com/?ip.20.226.89.14) | - | - | High
124 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
125 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
126 | [23.97.97.57](https://vuldb.com/?ip.23.97.97.57) | - | - | High
127 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
128 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | mail209.nessfist.com | - | High
129 | [23.105.131.228](https://vuldb.com/?ip.23.105.131.228) | mail228.nessfist.com | - | High
130 | [23.226.130.229](https://vuldb.com/?ip.23.226.130.229) | 23.226.130.229.static.greencloudvps.com | - | High
131 | [24.152.39.233](https://vuldb.com/?ip.24.152.39.233) | 24-152-39-233.masterdaweb.com | - | High
132 | [24.232.147.72](https://vuldb.com/?ip.24.232.147.72) | OL72-147.fibertel.com.ar | - | High
133 | [27.147.169.101](https://vuldb.com/?ip.27.147.169.101) | 169.101.cetus.link3.net | - | High
134 | [31.13.66.19](https://vuldb.com/?ip.31.13.66.19) | xx-fbcdn-shv-01-iad3.fbcdn.net | - | High
135 | [31.132.34.68](https://vuldb.com/?ip.31.132.34.68) | - | - | High
136 | [34.68.118.32](https://vuldb.com/?ip.34.68.118.32) | 32.118.68.34.bc.googleusercontent.com | - | Medium
137 | [34.125.123.200](https://vuldb.com/?ip.34.125.123.200) | 200.123.125.34.bc.googleusercontent.com | - | Medium
138 | [34.176.64.245](https://vuldb.com/?ip.34.176.64.245) | 245.64.176.34.bc.googleusercontent.com | - | Medium
139 | [35.157.111.131](https://vuldb.com/?ip.35.157.111.131) | ec2-35-157-111-131.eu-central-1.compute.amazonaws.com | - | Medium
140 | [35.158.159.254](https://vuldb.com/?ip.35.158.159.254) | ec2-35-158-159-254.eu-central-1.compute.amazonaws.com | - | Medium
141 | [35.193.121.248](https://vuldb.com/?ip.35.193.121.248) | 248.121.193.35.bc.googleusercontent.com | - | Medium
142 | [35.226.2.6](https://vuldb.com/?ip.35.226.2.6) | 6.2.226.35.bc.googleusercontent.com | - | Medium
143 | [37.0.14.215](https://vuldb.com/?ip.37.0.14.215) | - | - | High
144 | [37.1.217.131](https://vuldb.com/?ip.37.1.217.131) | vps2.wo.tn | - | High
145 | [37.1.222.208](https://vuldb.com/?ip.37.1.222.208) | free.ispiria.net | - | High
146 | [37.8.22.24](https://vuldb.com/?ip.37.8.22.24) | - | - | High
147 | [37.23.233.32](https://vuldb.com/?ip.37.23.233.32) | 37.23.233-32.xdsl.ab.ru | - | High
148 | [37.38.244.230](https://vuldb.com/?ip.37.38.244.230) | - | - | High
149 | [37.48.74.101](https://vuldb.com/?ip.37.48.74.101) | - | - | High
150 | [37.120.141.158](https://vuldb.com/?ip.37.120.141.158) | - | - | High
151 | [37.120.159.237](https://vuldb.com/?ip.37.120.159.237) | - | - | High
152 | [37.144.68.25](https://vuldb.com/?ip.37.144.68.25) | 37-144-68-25.broadband.corbina.ru | - | High
153 | [37.147.137.225](https://vuldb.com/?ip.37.147.137.225) | 37-147-137-225.broadband.corbina.ru | - | High
154 | [37.230.130.14](https://vuldb.com/?ip.37.230.130.14) | - | - | High
155 | [37.230.130.89](https://vuldb.com/?ip.37.230.130.89) | - | - | High
156 | [37.235.48.20](https://vuldb.com/?ip.37.235.48.20) | 20.48.235.37.in-addr.arpa | - | High
157 | [38.89.142.205](https://vuldb.com/?ip.38.89.142.205) | - | - | High
158 | [39.115.121.241](https://vuldb.com/?ip.39.115.121.241) | - | - | High
159 | [41.36.255.72](https://vuldb.com/?ip.41.36.255.72) | host-41.36.255.72.tedata.net | - | High
160 | [41.42.68.235](https://vuldb.com/?ip.41.42.68.235) | host-41.42.68.235.tedata.net | - | High
161 | [41.43.207.74](https://vuldb.com/?ip.41.43.207.74) | host-41.43.207.74.tedata.net | - | High
162 | [41.44.233.236](https://vuldb.com/?ip.41.44.233.236) | host-41.44.233.236.tedata.net | - | High
163 | [41.47.35.252](https://vuldb.com/?ip.41.47.35.252) | host-41.47.35.252.tedata.net | - | High
164 | [41.97.3.243](https://vuldb.com/?ip.41.97.3.243) | - | - | High
165 | [41.97.242.171](https://vuldb.com/?ip.41.97.242.171) | - | - | High
166 | [41.98.30.114](https://vuldb.com/?ip.41.98.30.114) | - | - | High
167 | [41.102.0.15](https://vuldb.com/?ip.41.102.0.15) | - | - | High
168 | [41.102.39.1](https://vuldb.com/?ip.41.102.39.1) | - | - | High
169 | [41.102.190.225](https://vuldb.com/?ip.41.102.190.225) | - | - | High
170 | [41.103.11.65](https://vuldb.com/?ip.41.103.11.65) | - | - | High
171 | [41.103.17.182](https://vuldb.com/?ip.41.103.17.182) | - | - | High
172 | [41.103.60.237](https://vuldb.com/?ip.41.103.60.237) | - | - | High
173 | [41.103.172.79](https://vuldb.com/?ip.41.103.172.79) | - | - | High
174 | [41.103.178.158](https://vuldb.com/?ip.41.103.178.158) | - | - | High
175 | [41.103.180.209](https://vuldb.com/?ip.41.103.180.209) | - | - | High
176 | [41.104.37.66](https://vuldb.com/?ip.41.104.37.66) | - | - | High
177 | [41.105.208.43](https://vuldb.com/?ip.41.105.208.43) | - | - | High
178 | [41.107.120.88](https://vuldb.com/?ip.41.107.120.88) | - | - | High
179 | [41.108.115.221](https://vuldb.com/?ip.41.108.115.221) | - | - | High
180 | [41.108.181.141](https://vuldb.com/?ip.41.108.181.141) | - | - | High
181 | [41.108.184.148](https://vuldb.com/?ip.41.108.184.148) | - | - | High
182 | [41.109.68.239](https://vuldb.com/?ip.41.109.68.239) | - | - | High
183 | [41.109.74.58](https://vuldb.com/?ip.41.109.74.58) | - | - | High
184 | [41.109.224.182](https://vuldb.com/?ip.41.109.224.182) | - | - | High
185 | [41.109.251.66](https://vuldb.com/?ip.41.109.251.66) | - | - | High
186 | [41.141.118.138](https://vuldb.com/?ip.41.141.118.138) | - | - | High
187 | [41.200.44.39](https://vuldb.com/?ip.41.200.44.39) | - | - | High
188 | [41.200.126.237](https://vuldb.com/?ip.41.200.126.237) | - | - | High
189 | [41.200.143.212](https://vuldb.com/?ip.41.200.143.212) | - | - | High
190 | ... | ... | ... | ...
There are 754 more IOC items available. Please use our online service to access the data.
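As an added worked example (not part of the VulDB page or its tooling), the following Python script parses rows in the table format above into a lookup keyed by IP, tags each entry by what its reverse DNS says about the hosting, and runs the result over a few constructed firewall log lines. The six table rows embedded in the script are copied from the list above; the log lines, the key=value log format, and the hosting suffix lists are assumptions made for the example. The point it shows is how to carry the page's _Confidence_ rating and the cloud/CDN distinction through to the alert, so that a High-confidence hit on a dedicated host is actioned while a Medium hit on a recycled EC2 address is only flagged for review.

```python
import ipaddress
import re

# Constructed sample: six rows copied from the IOC table above, in the page's
# own markdown format. A real run would feed the whole table in here instead.
IOC_TABLE = """\
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
2 | [2.57.90.16](https://vuldb.com/?ip.2.57.90.16) | - | - | High
7 | [3.6.30.85](https://vuldb.com/?ip.3.6.30.85) | ec2-3-6-30-85.ap-south-1.compute.amazonaws.com | - | Medium
69 | [5.9.226.161](https://vuldb.com/?ip.5.9.226.161) | srv.segec.pt | - | High
124 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
134 | [31.13.66.19](https://vuldb.com/?ip.31.13.66.19) | xx-fbcdn-shv-01-iad3.fbcdn.net | - | High
136 | [34.68.118.32](https://vuldb.com/?ip.34.68.118.32) | 32.118.68.34.bc.googleusercontent.com | - | Medium
"""

# Reverse-DNS suffixes that identify shared infrastructure (assumed lists for
# the example). Cloud compute addresses are recycled between tenants and CDN
# edges serve everyone, so a hit on one of these needs a second signal.
CLOUD_SUFFIXES = (".compute.amazonaws.com", ".bc.googleusercontent.com")
CDN_SUFFIXES = (".akamaitechnologies.com", ".fbcdn.net")

LINK_RE = re.compile(r"\[([^\]]+)\]\([^)]*\)")  # [1.2.3.4](https://...) -> 1.2.3.4


def classify_host(hostname: str) -> str:
    """Label an IOC by what its reverse DNS says about the hosting."""
    h = hostname.lower()
    if h.endswith(CLOUD_SUFFIXES):
        return "cloud"
    if h.endswith(CDN_SUFFIXES):
        return "cdn"
    return "dedicated" if h != "-" else "unresolved"


def parse_ioc_table(text: str) -> dict:
    """Turn the page's markdown table into {ip: {host, confidence, hosting}}.

    Header and separator rows are skipped, as is any row whose IP column is
    not a valid address (the trailing "..." row, for instance).
    """
    iocs = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 5:
            continue
        ip_cell = LINK_RE.sub(r"\1", cells[1])
        try:
            ip = str(ipaddress.ip_address(ip_cell))
        except ValueError:
            continue  # header, separator or "..." row
        iocs[ip] = {
            "host": cells[2],
            "confidence": cells[4],
            "hosting": classify_host(cells[2]),
        }
    return iocs


# Constructed firewall log lines (key=value style, assumed format); the dst
# values hit three table rows and one unrelated address.
SAMPLE_LOGS = [
    "2024-06-30T10:01:02Z fw01 action=allow src=10.20.0.15 dst=2.57.90.16 dport=443",
    "2024-06-30T10:01:09Z fw01 action=allow src=10.20.0.15 dst=3.6.30.85 dport=8080",
    "2024-06-30T10:02:44Z fw01 action=allow src=10.20.0.31 dst=31.13.66.19 dport=443",
    "2024-06-30T10:03:10Z fw01 action=allow src=10.20.0.31 dst=93.184.216.34 dport=443",
]

KV_RE = re.compile(r"\b(src|dst)=(\S+)")


def scan_logs(lines, iocs):
    """Return one record per log line whose src or dst is a listed IOC.

    Each record carries the page's confidence and the hosting class, and an
    "actionable" flag that is only set for High-confidence hits on hosts that
    are neither cloud compute nor CDN; everything else is left for review.
    """
    hits = []
    for line in lines:
        for field, value in KV_RE.findall(line):
            if value in iocs:
                entry = iocs[value]
                hits.append({
                    "line": line,
                    "field": field,
                    "ip": value,
                    "host": entry["host"],
                    "confidence": entry["confidence"],
                    "hosting": entry["hosting"],
                    "actionable": entry["confidence"] == "High"
                    and entry["hosting"] in ("dedicated", "unresolved"),
                })
    return hits


if __name__ == "__main__":
    table = parse_ioc_table(IOC_TABLE)
    for hit in scan_logs(SAMPLE_LOGS, table):
        verdict = "ACTION" if hit["actionable"] else "review"
        print(hit["ip"], hit["confidence"], hit["hosting"], verdict)
```

Feeding the complete table in instead of the six-row sample is only a matter of reading the markdown file; the parser ignores the header, separator and trailing `...` rows. Anything that comes out as `review` should be checked against the time the indicator was reported, since a cloud address seen months later will usually belong to a different tenant.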
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the MITRE ATT&CK techniques that VulDB's predictive model suspects _NjRAT_ of using. This data is unique in that it is generated by actor profiling: the _Weakness_ and _Description_ columns are the CWE classes the model associates with the actor, not behaviour observed in a sample, so treat the rows as hypotheses to confirm against your own telemetry rather than as a list of confirmed techniques.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-36, CWE-50 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the path and parameter fragments that the predictive model associates with technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration by NjRAT. This data is unique in that it is model-generated: the fragments are generic web-application paths, so a request matching one of them shows that the path was probed, not that NjRAT was involved, and should be correlated with the IOC list above before being attributed.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//WEB-INF` | Medium
2 | File | `/about.php` | Medium
3 | File | `/admin.php/update/getFile.html` | High
4 | File | `/admin/sys_sql_query.php` | High
5 | File | `/administrator/components/table_manager/` | High
6 | File | `/api/baskets/{name}` | High
7 | File | `/api/geojson` | Medium
8 | File | `/api/login` | Medium
9 | File | `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/classes/Users.php?f=save` | High
12 | File | `/company/store` | High
13 | File | `/Controller/Ajaxfileupload.ashx` | High
14 | File | `/databases/database/list` | High
15 | File | `/DXR.axd` | Medium
16 | File | `/E-mobile/App/System/File/downfile.php` | High
17 | File | `/Electron/download` | High
18 | File | `/feeds/post/publish` | High
19 | File | `/forum/away.php` | High
20 | File | `/h/` | Low
21 | File | `/inc/jquery/uploadify/uploadify.php` | High
22 | File | `/index.php?app=main&func=passport&action=login` | High
23 | File | `/index.php?page=category_list` | High
24 | File | `/jobinfo/` | Medium
25 | File | `/Moosikay/order.php` | High
26 | File | `/opac/Actions.php?a=login` | High
27 | File | `/PreviewHandler.ashx` | High
28 | File | `/proxy` | Low
29 | File | `/recipe-result` | High
30 | File | `/reservation/add_message.php` | High
31 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
32 | File | `/send_order.cgi?parameter=access_detect` | High
33 | File | `/Service/ImageStationDataService.asmx` | High
34 | File | `/student/bookdetails.php` | High
35 | File | `/text/pdf/PdfReader.java` | High
36 | File | `/uploads/exam_question/` | High
37 | File | `/user/ticket/create` | High
38 | File | `/var/lib/docker/<remapping>` | High
39 | File | `/wp-admin/admin-ajax.php` | High
40 | File | `123flashchat.php` | High
41 | File | `a-forms.php` | Medium
42 | File | `adclick.php` | Medium
43 | File | `admin.a6mambocredits.php` | High
44 | File | `admin.cropcanvas.php` | High
45 | File | `admin.jcomments.php` | High
46 | File | `admin/?page=categories/view_category` | High
47 | File | `admin/conf_users_edit.php` | High
48 | ... | ... | ...
There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
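As an added worked example (again not the page's own code), the following Python script turns _File_ indicators into request-target patterns and checks constructed web server access-log lines against them. It percent-decodes both sides so that `/Applications/Content%20Manager/...` matches however the client encoded it, matches case-insensitively, treats `{name}` and `<remapping>` as one variable path segment (an assumption about what the placeholders mean), anchors fragments that begin with `/` at the start of the request target, and leaves bare file names such as `admin.jcomments.php` free to match anywhere in the path. The seven indicators are taken from the table above; the log lines are constructed, and the other IOA types on the page (argument, input value, pattern, network port) are not covered.

```python
import re
from urllib.parse import unquote

# Constructed sample: seven File indicators copied from the IOA table above.
IOA_FILES = [
    "//WEB-INF",
    "/api/baskets/{name}",
    "/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML",
    "/index.php?app=main&func=passport&action=login",
    "/var/lib/docker/<remapping>",
    "/wp-admin/admin-ajax.php",
    "admin.jcomments.php",
]

# Placeholders the list uses for a variable path segment ({name}, <remapping>).
# Assumed meaning: exactly one non-empty segment without "/" or "?".
PLACEHOLDER_RE = re.compile(r"\{[^}]+\}|<[^>]+>")


def compile_ioa(indicator: str):
    """Build a case-insensitive regex for one File indicator.

    The indicator is percent-decoded first so that encoding differences on
    the wire do not defeat the match, the literal pieces are escaped, and the
    placeholders between them become a one-segment wildcard. Indicators that
    start with "/" are anchored at the start of the request target; bare file
    names may appear anywhere in the path.
    """
    decoded = unquote(indicator)
    literal_parts = PLACEHOLDER_RE.split(decoded)
    pattern = "[^/?]+".join(re.escape(part) for part in literal_parts)
    if decoded.startswith("/"):
        pattern = "^" + pattern
    return re.compile(pattern, re.IGNORECASE)


# Constructed Apache/nginx combined-format lines; addresses are documentation
# ranges and the requests were chosen to exercise each matching rule.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [30/Jun/2024:10:00:01 +0000] "GET /WP-ADMIN/admin-ajax.php?action=foo HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [30/Jun/2024:10:00:02 +0000] "GET /api/baskets/test123 HTTP/1.1" 404 0 "-" "curl/8.0"',
    '203.0.113.9 - - [30/Jun/2024:10:00:03 +0000] "GET /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    '203.0.113.9 - - [30/Jun/2024:10:00:04 +0000] "GET //WEB-INF/web.xml HTTP/1.1" 403 0 "-" "python-requests/2.31"',
    '198.51.100.2 - - [30/Jun/2024:10:00:05 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [30/Jun/2024:10:00:06 +0000] "GET /plugins/admin.jcomments.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def request_target(line: str):
    """Pull the request target (path plus query string) out of a log line."""
    m = REQUEST_RE.search(line)
    return m.group("target") if m else None


def scan_access_log(lines, indicators):
    """Return (indicator, client_ip, raw_target) for every line hitting an IOA.

    The raw target is kept in the result so the analyst sees exactly what
    the client sent, while matching is done on the decoded form.
    """
    compiled = [(ioa, compile_ioa(ioa)) for ioa in indicators]
    hits = []
    for line in lines:
        target = request_target(line)
        if target is None:
            continue
        decoded = unquote(target)
        client = line.split(" ", 1)[0]
        for ioa, rx in compiled:
            if rx.search(decoded):
                hits.append((ioa, client, target))
    return hits


if __name__ == "__main__":
    for ioa, client, target in scan_access_log(SAMPLE_ACCESS_LOG, IOA_FILES):
        print(f"{client} -> {target}  matches IOA {ioa}")
```

The `//WEB-INF` entry is kept with its double slash on purpose: collapsing slashes before matching would hide the very request shape the indicator describes. Anchoring only the entries that start with `/` keeps short bare names from firing on every path that happens to contain them, but a one-character entry such as `/h/` will still be noisy and deserves its own threshold.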
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://app.any.run/tasks/f25e9661-11e4-4cb4-8428-d2e24c13afc3
* https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
* https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
* https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html
* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
* https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
* https://blog.talosintelligence.com/2020/02/threat-roundup-0221-0228.html
* https://blog.talosintelligence.com/2020/04/threat-roundup-0326-0403.html
* https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html
* https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
* https://blog.talosintelligence.com/2020/07/threat-roundup-0703-0710.html
* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
* https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html
* https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html
* https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
* https://blog.talosintelligence.com/threat-roundup-0217-0224/
* https://blog.talosintelligence.com/threat-roundup-0310-0317/
* https://blog.talosintelligence.com/threat-roundup-0519-0526-23/
* https://blog.talosintelligence.com/threat-roundup-0630-0707-2/
* https://blogs.blackberry.com/en/2021/08/threat-thursday-dont-let-njrat-take-your-cheddar
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-20%20njRAT%20IOCs
* https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479
* https://threatfox.abuse.ch
* https://tria.ge/220113-1eecxacfb9
* https://tria.ge/220125-1bgc4affa3
* https://tria.ge/220128-wfdesahhg9
* https://tria.ge/220515-scsthshdcp
* https://tria.ge/220522-zyxg6abab8/
* https://tria.ge/220808-nnvp2accf2
* https://twitter.com/500mk500/status/1488945561176879106
* https://twitter.com/500mk500/status/1582811443887382528
* https://twitter.com/ScumBots/status/1648885910686015488
* https://twitter.com/souiten/status/1603271293649895424
* https://www.virustotal.com/gui/file/a864b81bd8c847b2818f8e9084bc0f1aa27fa3ca4a80e082a6c14ed8209425ab/behavior/Microsoft%20Sysinternals
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!