
Who will be Earth Bogle's Victims in North Africa and the Middle East?
NjRAT / Bladabindi
The campaign is active: threat actors are currently targeting victims in the Middle East and North Africa with NjRAT (also known as Bladabindi), a Windows remote access trojan.
Indicators of Compromise
Indicator                     Source    Date
success20.hopto.org           SOCRadar  2023-01-23
www.unimed-corporated.com     SOCRadar  2023-01-23
firefoxsystem.sytes.net       SOCRadar  2023-01-23
googledrives.ddns.net         SOCRadar  2023-01-23
venoxxxx.xxx                  SOCRadar  2023-01-23
warzonecdt.duckdns.org        SOCRadar  2023-01-23
microsofft.sslblindado.com    SOCRadar  2023-01-23
cdtpitbull.hopto.org          SOCRadar  2023-01-23
ret.6bc.us                    SOCRadar  2023-01-23
corporated.com                SOCRadar  2023-01-23
successfully.hopto.org        SOCRadar  2023-01-23
shop.prynt.market             SOCRadar  2023-01-23
market.prynt.market           SOCRadar  2023-01-23
cdtmaster.com.br              SOCRadar  2023-01-23
bigdaddy-service.biz          SOCRadar  2023-01-23
msin.hopto.org                SOCRadar  2023-01-23
www.gpla.gov.ly               SOCRadar  2023-01-23
maringareservas.com.br        SOCRadar  2023-01-23
hypemediardf.com.pl           SOCRadar  2023-01-23
queda212.duckdns.org          SOCRadar  2023-01-23
unimed-corporated.com         SOCRadar  2023-01-23
quedabesouro.ddns.net         SOCRadar  2023-01-23
passagensv.sslblindado.com    SOCRadar  2023-01-23
system11.sslblindado.com      SOCRadar  2023-01-23
3030pp.hopto.org              SOCRadar  2023-01-23
cdt2021.zapto.org             SOCRadar  2023-01-23
trojan.bat.powexec.ar         SOCRadar  2023-01-23
111234cdt.ddns.net            SOCRadar  2023-01-23
vemvemserver.duckdns.org      SOCRadar  2023-01-23
gpla.gov.ly                   SOCRadar  2023-01-23
2525.libya2020.com.ly         SOCRadar  2023-01-23
brasilnativopousada.com.br    SOCRadar  2023-01-23
sslblindado.com               SOCRadar  2023-01-23
4success.zapto.org            SOCRadar  2023-01-23
Notes on the list: many entries sit in free dynamic-DNS zones (hopto.org, zapto.org, sytes.net, ddns.net, duckdns.org), so their resolved IP addresses change and should not be used as indicators on their own. Several apex domains (sslblindado.com, corporated.com, gpla.gov.ly) appear alongside their own subdomains; matching on the apex also covers the subdomains. "trojan.bat.powexec.ar" appears to be a detection-signature name rather than a hostname, and "venoxxxx.xxx" is redacted in the source; neither will match a DNS query.
APT Groups (1)
TA558
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
Backdoor.NJRat (reference)
How to remove Backdoor.NJRat Trojans
Backdoor.NJRat may run silently in the background and may not provide any indication of infection to the user. Backdoor.NJRat may also disable Antivirus programs and other Microsoft Windows security features.
Backdoor.NJRat Remote Access Trojan Types
Backdoor.NJRat may be distributed using various methods. This software may be packaged with free online software, or could be disguised as a harmless program and distributed by email. Alternatively, this software may be installed by websites using software vulnerabilities. Infections that occur in this manner are usually silent and happen without user knowledge or consent.
How to protect against Backdoor.NJRat Remote Access Trojans
Malwarebytes protects users from the installation of Backdoor.NJRat. Malwarebytes detects and removes Backdoor.NJRat.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Remediation for NjRAT specifically may include the following steps:
- Identify the infection: confirm the presence of NjRAT with antivirus or endpoint telemetry, and check the host's DNS queries and outbound connections against the indicators listed above.
- Isolate the infected system: disconnect it from the network so the operator loses control of the implant and the malware cannot spread.
- Remove the malware: use malware removal software or delete the NjRAT files manually, and remove its persistence as well. NjRAT commonly registers itself in a Run key and drops a copy in the user's Startup folder; if these are left in place the implant returns at the next logon.
- Reset credentials: NjRAT includes a keylogger and password-stealing functionality, so treat any password typed or stored on the infected host as compromised.
- Patch vulnerabilities: identify and patch any weaknesses that may have been exploited to deliver the malware, such as unpatched software.
- Monitor for further activity: keep watching the host and the network for renewed activity. Because several indicators live in dynamic-DNS zones, alert on the hostnames rather than on resolved IP addresses.
- Implement security controls: deploy firewalls, intrusion detection and intrusion prevention systems, and DNS filtering to protect against future attacks.
- User education: teach users how to spot and avoid phishing emails and other social-engineering lures that may be used to deliver NjRAT.
In the case of an ongoing attack, engage a professional incident response team.
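As an added example that is not part of the original page or SOCRadar's tooling, the following Python checks a DNS query log against the hostname indicators from the table above, covering the "Identify the infection" and "Monitor for further activity" steps. The log format, client addresses and timestamps are constructed; the indicator list is copied from the page, minus the detection name and the redacted entry, which can never match a query. The matcher treats a query as a hit when it equals an indicator or is a subdomain of one, prefers the most specific indicator, and flags hits in free dynamic-DNS zones so the analyst does not pivot on their IP addresses.

```python
"""Match DNS query logs against the Earth Bogle NjRAT indicator list.

Hypothetical example (not SOCRadar tooling): the log lines below are
constructed; the indicator list is copied from the page's IoC table.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Hostname indicators from the page's IoC table (2023-01-23). Two entries are
# deliberately excluded: "trojan.bat.powexec.ar" is a detection name, not a
# host, and "venoxxxx.xxx" is redacted in the source, so neither can match a
# DNS query.
IOC_DOMAINS = [
    "success20.hopto.org", "www.unimed-corporated.com", "firefoxsystem.sytes.net",
    "googledrives.ddns.net", "warzonecdt.duckdns.org", "microsofft.sslblindado.com",
    "cdtpitbull.hopto.org", "ret.6bc.us", "corporated.com", "successfully.hopto.org",
    "shop.prynt.market", "market.prynt.market", "cdtmaster.com.br",
    "bigdaddy-service.biz", "msin.hopto.org", "www.gpla.gov.ly",
    "maringareservas.com.br", "hypemediardf.com.pl", "queda212.duckdns.org",
    "unimed-corporated.com", "quedabesouro.ddns.net", "passagensv.sslblindado.com",
    "system11.sslblindado.com", "3030pp.hopto.org", "cdt2021.zapto.org",
    "111234cdt.ddns.net", "vemvemserver.duckdns.org", "gpla.gov.ly",
    "2525.libya2020.com.ly", "brasilnativopousada.com.br", "sslblindado.com",
    "4success.zapto.org",
]

# Free dynamic-DNS zones used by several indicators. A hit here means the
# resolved IP is unstable; pivot on the hostname, not on the address.
DYNDNS_ZONES = ("hopto.org", "zapto.org", "sytes.net", "ddns.net", "duckdns.org")

# Constructed log format (an assumption for this example):
# "<ISO timestamp> <client IP> <query name>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str
    ioc: str          # the indicator that matched
    apex_match: bool  # True when qname is a subdomain of the indicator
    dyndns: bool      # True when the indicator lives in a free DDNS zone


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot that DNS logs often carry."""
    return name.strip().lower().rstrip(".")


def _in_zone(name: str, zone: str) -> bool:
    # Label-boundary check: "notcorporated.com" must not match "corporated.com".
    return name == zone or name.endswith("." + zone)


def match_query(qname: str, iocs=IOC_DOMAINS) -> str | None:
    """Return the most specific indicator that qname equals or sits under."""
    q = normalize(qname)
    best = None
    for ioc in iocs:
        i = normalize(ioc)
        if _in_zone(q, i) and (best is None or len(i) > len(best)):
            best = i
    return best


def scan_dns_log(lines, iocs=IOC_DOMAINS) -> list[Hit]:
    """Return one Hit per log line whose query name matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than fail the run
        ts, client, qname = m.groups()
        ioc = match_query(qname, iocs)
        if ioc is None:
            continue
        q = normalize(qname)
        hits.append(Hit(ts, client, q, ioc, apex_match=(q != ioc),
                        dyndns=any(_in_zone(ioc, z) for z in DYNDNS_ZONES)))
    return hits


# Constructed sample log; none of these clients or timestamps are real.
SAMPLE_LOG = """
2023-01-24T08:12:01Z 10.20.30.41 www.google.com.
2023-01-24T08:12:07Z 10.20.30.41 success20.hopto.org.
2023-01-24T08:13:55Z 10.20.30.77 MICROSOFFT.SSLBLINDADO.COM
2023-01-24T08:14:10Z 10.20.30.77 cdn.sslblindado.com
2023-01-24T08:15:00Z 10.20.30.90 notcorporated.com
""".strip().splitlines()


if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_LOG):
        tag = "subdomain of" if h.apex_match else "exact"
        ddns = " [dynamic DNS]" if h.dyndns else ""
        print(f"{h.timestamp} {h.client} {h.qname} -> {tag} {h.ioc}{ddns}")
```

On the constructed sample the scanner reports three hits: the dynamic-DNS beacon to success20.hopto.org, an exact match for microsofft.sslblindado.com (case and trailing dot normalized away), and cdn.sslblindado.com as a subdomain of the listed apex sslblindado.com. The last kind of hit deserves a look before blocking, since an apex entry also covers hosts the feed never named; notcorporated.com is correctly not matched because the comparison respects label boundaries.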
Reports & References (2)
Observed Countries (22)
Country code (ISO 3166-1 alpha-2) and observation count:
AE (348)
AF (185)
BH (746)
DZ (130)
EG (248)
IL (342)
IQ (469)
IR (10)
JO (698)
KW (123)
LB (984)
LY (855)
MA (264)
OM (121)
PK (977)
PS (915)
QA (880)
SA (641)
SD (802)
SY (256)
TN (653)
YE (738)