New RATs emerge from leaked Njw0rm source code
Jump to navigation
Jump to search
(Publication) Google search: [1]
| New RATs emerge from leaked Njw0rm source code | |
|---|---|
| Botnet | Njw0rm, kjw0rm, Sir DoOom |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2015 / 2015-01-22 |
| Editor/Conference | Trend Labs |
| Link | http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ (Archive copy) |
| Author | Michael Marcos |
| Type | Blogpost |
Abstract
“ In the middle of my research on the remote access Trojan (RAT) known as “njrat” or “Njw0rm”, I stumbled upon dev-point.com, a site that disguises itself as a site for “IT enthusiasts” but actually hosts various downloaders, different types of spyware, and RATs. I explored the site and found that they host malware under the “Protection Devices” section in their website. Under this section was a forum written in Arabic, which may suggest that an Arabic-speaking country is behind it.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2015BFR389,
editor = {Trend Labs},
author = {Michael Marcos},
title = {New RATs emerge from leaked Njw0rm source code},
date = {22},
month = Jan,
year = {2015},
howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/}},
}