Microsoft Word - FTA 1009 - njRAT Uncovered_rev2
Common Information
Type Value
UUID d7ff714e-10b3-4f08-aa90-41ed2880f782
Fingerprint be2ef52c37d74282f925622b1f2c0844dbdb7f88588ad185c1b18bfaaec021d9
Analysis status DONE
Considered CTI value 2
Text language
Published None
Added to db March 10, 2024, 6:47 a.m.
Last updated Aug. 31, 2024, 1:47 a.m.
Headline Microsoft Word - FTA 1009 - njRAT Uncovered_rev2
Title Microsoft Word - FTA 1009 - njRAT Uncovered_rev2
Detected Hints/Tags/Attributes 126/3/216
Attributes
Details Type #Events CTI Value
Details Autonomous System Number 2
AS15975