njrat (2)

10841887054?profile=RESIZE_400xActivity Summary - Week Ending on 14 October 2022:

  • Red Sky Alliance identified 26,570 connections from new IP’s checking in with our Sinkholes
  • Netskope IAD hit 56x
  • Analysts identified 556 new IP addresses participating in various Botnets
  • Bisamware and Chile Locker
  • njRat, a.k.a. Bladabindi
  • Emotet 2022
  • Singtel
  • Pinnacle Hack
  • Ukraine War
  • Optus Part II

Link to full report:  IR-22-288-001_weekly288.pdf

10834958069?profile=RESIZE_400xFortinet researchers recently found some malicious Microsoft Office documents that attempted to leverage legitimate websites, MediaFire and Blogger, to execute a shell script and then dropped two malware variants of Agent Tesla and njRat.  Agent Tesla is a well-known spyware, first discovered in 2014, which can steal personal data from web browsers, mail clients, and FTP servers, collect screenshots and videos, and capture clipboard data.  njRat (also known as Bladabindi) is a remote agent Troja