Who will be Earth Bogle's Victims in North Africa and the Middle East?

NjRAT / Bladabindi
The campaign is active: threat actors are currently targeting victims in the Middle East and North Africa with NjRAT (also known as Bladabindi).

Indicators of Compromise


APT Groups

TA558

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

Backdoor.NJRat

How to remove Backdoor.NJRat Trojans

Backdoor.NJRat may run silently in the background and may not provide any indication of infection to the user. Backdoor.NJRat may also disable Antivirus programs and other Microsoft Windows security features.


Backdoor.NJRat Remote Access Trojan Types

Backdoor.NJRat may be distributed using various methods. This software may be packaged with free online software, or could be disguised as a harmless program and distributed by email. Alternatively, this software may be installed by websites using software vulnerabilities. Infections that occur in this manner are usually silent and happen without user knowledge or consent.

How to protect against Backdoor.NJRat Remote Access Trojans

Malwarebytes protects users from the installation of Backdoor.NJRat. Malwarebytes detects and removes Backdoor.NJRat.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Remediation for NjRAT specifically may include the following steps:
  • Identify the infection: Use antivirus software or other security tools to detect and identify the presence of NjRAT on your system.
  • Isolate the infected system: Disconnect the infected system from the network to prevent the spread of the malware.
  • Remove the malware: Use malware removal software or manually delete the NjRAT files from the infected system.
  • Patch vulnerabilities: Identify and patch any vulnerabilities that may have been exploited to deliver the malware, such as unpatched software.
  • Monitor for further activity: Monitor the system and network for any signs of further malware activity.
  • Implement security controls: Implement security controls such as firewalls, intrusion detection systems, and intrusion prevention systems to protect against future attacks.
  • User education: Educate users on how to spot and avoid phishing emails or other social engineering tactics that may be used to deliver the NjRAT malware.
Note that in the case of an ongoing attack it is always recommended to contact a professional incident response team.

Reports & References

Observed Countries

AE (348)
AF (185)
BH (746)
DZ (130)
EG (248)
IL (342)
IQ (469)
IR (10)
JO (698)
KW (123)
LB (984)
LY (855)
MA (264)
OM (121)
PK (977)
PS (915)
QA (880)
SA (641)
SD (802)
SY (256)
TN (653)
YE (738)