New RATs emerge from leaked Njw0rm source code
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
(Publication) Google search: [1]
| New RATs emerge from leaked Njw0rm source code | |
|---|---|
| Botnet | Njw0rm, kjw0rm, Sir DoOom |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2015 / 2015-01-22 |
| Editor/Conference | Trend Labs |
| Link | http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ (Archive copy) |
| Author | Michael Marcos |
| Type | Blogpost |
Abstract
“ In the middle of my research on the remote access Trojan (RAT) known as “njrat” or “Njw0rm”, I stumbled upon dev-point.com, a site that disguises itself as a site for “IT enthusiasts” but actually hosts various downloaders, different types of spyware, and RATs. I explored the site and found that they host malware under the “Protection Devices” section in their website. Under this section was a forum written in Arabic, which may suggest that an Arabic-speaking country is behind it.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2015BFR389,
editor = {Trend Labs},
author = {Michael Marcos},
title = {New RATs emerge from leaked Njw0rm source code},
date = {22},
month = Jan,
year = {2015},
howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/}},
}