Unusual njRat campaign originating from Saudi Arabia
Summary
This campaign seems to be old but still running (although my infection wasn't being manually controlled at the time). The first sample found was submitted 7 months ago.
The operation seems to originate mostly from Saudi Arabia: its C2 IP is a home IP address, and njRat does not support proxying C2 communications through infected hosts, which means this was most likely the actual operator. I have no clue about the exact targets; the website I found was a Dutch website for a hobby group, not a really high-ranked target. The spreading method of a fake antivirus website was also quite confusing; normally I see these things dropping FakeAVs, as I've written about in the past.
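The C2 traffic the summary refers to can be recognised on the wire by its framing rather than by the destination address. The block below is an added example, not code from the pulse or from njRat itself. It assumes the njRat message format described in public njRat/Bladabindi analyses (a decimal length, a NUL byte, then a payload whose fields are separated by `|'|'|`); the command names in KNOWN_COMMANDS are likewise taken from those write-ups and are assumptions, as is the sample stream, which is constructed here and was not captured from this campaign.

```python
"""Heuristic parser and detector for njRat-style C2 framing.

Assumed wire format (from public njRat analyses, not from this pulse):
    <decimal length>\x00<payload>
    payload fields separated by |'|'|
"""
from __future__ import annotations

DELIM = b"|'|'|"

# Command prefixes reported in public njRat write-ups (assumption: the field
# layout after the command is not asserted here, only the leading token).
KNOWN_COMMANDS = {b"ll", b"inf", b"act", b"kl", b"CAP", b"proc", b"rs"}


def build_frame(fields: list[bytes]) -> bytes:
    """Encode one njRat-style frame: decimal body length, NUL, joined fields."""
    body = DELIM.join(fields)
    return str(len(body)).encode() + b"\x00" + body


def parse_njrat_frames(stream: bytes) -> list[list[bytes]]:
    """Split a reassembled TCP stream into frames and their fields.

    Parsing stops at the first malformed frame (non-numeric length prefix,
    missing NUL, or a body shorter than the announced length), so a
    truncated tail never produces a bogus frame.
    """
    frames: list[list[bytes]] = []
    i = 0
    while i < len(stream):
        nul = stream.find(b"\x00", i)
        if nul == -1:
            break
        prefix = stream[i:nul]
        if not prefix.isdigit():  # also rejects an empty prefix
            break
        length = int(prefix)
        start, end = nul + 1, nul + 1 + length
        body = stream[start:end]
        if len(body) != length:  # truncated frame
            break
        frames.append(body.split(DELIM))
        i = end
    return frames


def looks_like_njrat(stream: bytes, min_frames: int = 1) -> bool:
    """True when at least min_frames well-formed frames start with a known command."""
    good = [f for f in parse_njrat_frames(stream) if f and f[0] in KNOWN_COMMANDS]
    return len(good) >= min_frames


# Constructed sample stream: a registration-style frame, an active-window
# frame, then a deliberately truncated frame that must be ignored.
SAMPLE_STREAM = (
    build_frame([b"ll", b"SGFjS2VkX0RFQURCRUVG", b"VICTIM-PC",
                 b"Win 7 Professional SP1 x86", b"No", b"0.7d"])
    + build_frame([b"act", b"Untitled - Notepad"])
    + b"99\x00short"
)

# Constructed non-njRat traffic for comparison.
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    for frame in parse_njrat_frames(SAMPLE_STREAM):
        print(frame[0].decode(), "->", [f.decode() for f in frame[1:]])
    print("njRat-like:", looks_like_njrat(SAMPLE_STREAM))
    print("njRat-like:", looks_like_njrat(HTTP_REQUEST))
```

Run it against a stream reassembled from a capture (for example the payload bytes of a single TCP flow); the length-prefix-plus-delimiter check is far more specific than a port or IP match, which matters for a campaign whose C2 sits on a residential address that will change.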
Created: 2026-02-23
Indicators
Similar Pulses
Threat actors related to this Pulse (fact-based)
OTX match scores and the ATT&CK techniques each match is based on (actor names are not present on this page):
- 6.37: T1550.003, T1566.003
- 12.52: T1550.003, T1218.010, T1189, T1046, T1569.002
- 8.20: T1550.003, T1189, T1124
- 4.13: T1552.006
- 6.53: T1552.006, T1569.002
- 4.51: T1218.010, T1046
- 5.67: T1218.010, T1219.002
- 5.14: T1218.010, T1569.002
- 4.51: T1218.010, T1189
- 5.67: T1218.010, T1219.002
- 4.51: T1218.010, T1189
- 8.83: T1137.004, T1046, T1566.003
- 5.45: T1219.002, T1566.003
- 5.45: T1219.002, T1566.003
- 4.69: T1219.002, T1046
- 4.69: T1219.002, T1189
- 4.29: T1189, T1566.003
- 4.16: T1189, T1569.002
- 4.36: T1189, T1124
- 6.30: T1189, T1498
- 4.29: T1189, T1566.003
- 4.36: T1189, T1124
- 8.65: T1189, T1046, T1124, T1566.003
- 3.53: T1189, T1046
- 3.53: T1189, T1046
- 6.88: T1189, T1124, T1566.003
- 6.05: T1189, T1046, T1566.003
- 4.13: T1564.005
- 4.13: T1564.005
- 4.36: T1046, T1124
- 4.16: T1046, T1569.002
- 4.16: T1046, T1569.002
- 4.16: T1046, T1569.002
- 6.76: T1046, T1569.002, T1124
- 4.16: T1046, T1569.002
- 6.69: T1046, T1569.002, T1566.003
- 4.16: T1046, T1569.002
- 4.99: T1569.002, T1124
- 4.92: T1569.002, T1566.003
Threat actors related to this Pulse (inference-based)
- 0.81: T1189, T1046, T1218.010, T1569.002, T1550.003
- 0.60: T1137.004, T1566.003, T1046
- 0.59: T1189, T1124, T1566.003, T1046
Technique IDs used above:
- T1046 - Network Service Discovery
- T1124 - System Time Discovery
- T1137.004 - Outlook Home Page
- T1189 - Drive-by Compromise
- T1218.010 - Regsvr32
- T1219.002 - Remote Desktop Software
- T1498 - Network Denial of Service
- T1550.003 - Pass the Ticket
- T1552.006 - Group Policy Preferences
- T1564.005 - Hidden File System
- T1566.003 - Spearphishing via Service
- T1569.002 - Service Execution
Related CVEs
No CVEs were found in this Pulse.