• Home

  • Documents

  • HR E A T T ET R THREAT ALERTS HACKING THE HACKERS
1
WHAT’S HAPPENING? Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine. In this writeup, the Nocturnus team presents an analysis of the attacker TTPs and indicators of compromise. During this investigation, we uncovered hundreds of trojanized files and information about the threat actors infrastructure. KEY OBSERVATIONS & TTPS » A Widespread Campaign: The Nocturnus team has found a widespread hacking campaign that uses the njRat trojan to hijack the victim’s machine, giving the threat actors complete access that can be used for anything from conducting DDoS attacks to stealing sensitive data. » Baiting Hackers: The malware is spreading by turning various hacking tools and other installers into trojans. The threat actors are posting the maliciously modified files on various forums and websites to bait other hackers. » Using Vulnerable Wordpress Sites: The threat actors are hacking vulnerable WordPress installations to host their malicious njRat payloads. » Creating a “Malware Factory”: It seems as if the threat actors behind this campaign are building new iterations of their hacking tools on a daily basis. » Read the full length research here. CYBEREASON CUSTOMERS We highly recommend every customer enable the following features: » If you do not have Cybereason NGAV activated, consider doing so to prevent against threats like these. » For Cybereason MDR customers, the Cybereason team will monitor and triage as well as assist in the mitigation of potential infections. THREAT TYPE: REMOTE ACCESS TROJAN TARGET INDUSTRY: ANY ATTACK GOAL: TOTAL CONTROL & PROLIFERATION IMPACTED GEO: WORLDWIDE OVERVIEW Be careful to avoid installing tools downloaded from untrusted sources. Periodically proactively hunt in your environment for potential attacks on sensitive assets. REMEDIATION STEPS CYBEREASON.COM EXPERIENCED A BREACH? EMAIL US AT DETECTED BY THE CYBEREASON DEFENSE PLATFORM [email protected] HACKING THE HACKERS THREAT ALERTS T H R E A T A L E R T T H R E A T A L E R T T H R E A T A L E R T T H R E A T A L E R T T H R E A T A L E R T

HR E A T T ET R THREAT ALERTS HACKING THE HACKERS

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: HR E A T T ET R THREAT ALERTS HACKING THE HACKERS

W H AT ’S H AP P ENING? Cybereason Nocturnus is investigating a campaign where attackers are trojanizing

multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives

attackers total access to the target machine.

In this writeup, the Nocturnus team presents an analysis of the attacker TTPs

and indicators of compromise. During this investigation, we uncovered hundreds

of trojanized files and information about the threat actors infrastructure.

K E Y OB SER VAT IONS & T T P S» A Widespread Campaign: The Nocturnus team has found a widespread hacking

campaign that uses the njRat trojan to hijack the victim’s machine, giving the

threat actors complete access that can be used for anything from conducting

DDoS attacks to stealing sensitive data.

» Baiting Hackers: The malware is spreading by turning various hacking tools

and other installers into trojans. The threat actors are posting the maliciously

modified files on various forums and websites to bait other hackers.

» Using Vulnerable Wordpress Sites: The threat actors are hacking vulnerable

WordPress installations to host their malicious njRat payloads.

» Creating a “Malware Factory”: It seems as if the threat actors behind this

campaign are building new iterations of their hacking tools on a daily basis.

» Read the full length research here.

C YBER E A S ON CU S T OMER S

We highly recommend every customer enable the following features:

» If you do not have Cybereason NGAV activated, consider doing so to prevent

against threats like these.

» For Cybereason MDR customers, the Cybereason team will monitorand triage as well as assist in the mitigation of potential infections.

THREAT TYPE: REMOTE ACCESS TROJAN

TARGET INDUSTRY: ANY

ATTACK GOAL: TOTAL CONTROL & PROLIFERATION

IMPACTED GEO: WORLDWIDE

OV E RV I E W

Be careful to avoid installing tools downloaded from untrusted sources.

Periodically proactively hunt in your environment for potential attacks on sensitive assets.

R E M E D I AT I O N ST E P S

C Y B E R E A S O N . C O M

EXPERIENCED A BREACH?

EMAIL US AT

DETECTED BY THE CYBEREASON DEFENSE PLATFORM

I N F O @ C Y B E R E A S O N . C O M

H A CK ING T HE H A CK ER STHREAT ALERTS

• TH

RE

AT

ALERT • THREAT ALER

T •

TH

RE

AT

AL

ER

T •

T H R E A T A L E R T • T H R E AT

AL

ER

T

https://www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves

Websites for Hackers

Websites for Hackers

Technology
NET for hackers

NET for hackers

Technology
Hackers to Hackers Conference 4th. Ed. - Events

Hackers to Hackers Conference 4th. Ed. - Events

Documents
Hackers Attitude

Hackers Attitude

Documents
Hackers Desk

Hackers Desk

Documents
PROFILING HACKERS' SKILL LEVEL BY STATISTICALLY CORRELATING THE RELATIONSHIP BETWEEN TCP CONNECTIONS AND SNORT ALERTS Khiem Lam

PROFILING HACKERS' SKILL LEVEL BY STATISTICALLY CORRELATING THE RELATIONSHIP BETWEEN TCP CONNECTIONS AND SNORT ALERTS Khiem Lam

Documents
Hackers vs Hackers

Hackers vs Hackers

Software
Midnight Hackers

Midnight Hackers

Technology
69-2678EFS 05 - Alerts and Delta T Diagnostics with the ... · INSTALLATION INSTRUCTIONS 69-2678EFS-05 Alerts and Delta T Diagnostics with the Prestige® 2.0 IAQ Thermostat MOUNTING

69-2678EFS 05 - Alerts and Delta T Diagnostics with the ... · INSTALLATION INSTRUCTIONS 69-2678EFS-05 Alerts and Delta T Diagnostics with the Prestige® 2.0 IAQ Thermostat MOUNTING

Documents
Vol - hackers

Vol - hackers

Documents
2014 Car Hackers Handbook - OpenGarages Car Hackers Handbook - OpenGarages

2014 Car Hackers Handbook - OpenGarages Car Hackers Handbook - OpenGarages

Documents
hackers informaticos

hackers informaticos

Technology
Hackers secrets

Hackers secrets

Technology
More of What Hackers Don ’t Want You to Know - FIRST - · PDF file · 2009-07-29More of What Hackers Don ’t Want You to Know Jeff Crume, ... #1 call to most help desks ... Bluetooth

More of What Hackers Don ’t Want You to Know - FIRST - · PDF file · 2009-07-29More of What Hackers Don ’t Want You to Know Jeff Crume, ... #1 call to most help desks ... Bluetooth

Documents
69-2678EFS 03 - Alerts and Delta T Diagnostics with … Materials-Alerts... · The thermostat cannot be setup for Heat Delta T Diagnostics when the thermostat is used with an external

69-2678EFS 03 - Alerts and Delta T Diagnostics with … Materials-Alerts... · The thermostat cannot be setup for Heat Delta T Diagnostics when the thermostat is used with an external

Documents
INRIX SAFETY ALERTS Hyper-local, real-time road condition alerts …inrix.com/wp-content/uploads/2017/11/INRIX-Safety-Alerts-Brochure.… · INRIX Safety Alerts detects and alerts

INRIX SAFETY ALERTS Hyper-local, real-time road condition alerts …inrix.com/wp-content/uploads/2017/11/INRIX-Safety-Alerts-Brochure.… · INRIX Safety Alerts detects and alerts

Documents
Car hackers

Car hackers

Documents
Hackers 22

Hackers 22

Technology
Reference Hackers

Reference Hackers

Education
hackers vs suits

hackers vs suits

Technology
H ALERTS - aappublications.org fileHEALTH ALERTS Randi/Rossmountainbikes The U.S. Consumer. ~~~ProductSafetyCommission _ = t !N" ~(CPSC) and Rand/Ross - _ E tVi' ~BicycleCo.ofFarmingdale,

H ALERTS - aappublications.org fileHEALTH ALERTS Randi/Rossmountainbikes The U.S. Consumer. ~~~ProductSafetyCommission _ = t !N" ~(CPSC) and Rand/Ross - _ E tVi' ~BicycleCo.ofFarmingdale,

Documents
January 2009L. T. Yabrough, U.S. Coast Guard1 406 MHz EPIRB False Alerts Cause and Prevention of False Alerts

January 2009L. T. Yabrough, U.S. Coast Guard1 406 MHz EPIRB False Alerts Cause and Prevention of False Alerts

Documents
(HACKING) Hackers Handbook

(HACKING) Hackers Handbook

Documents
Wanted hackers!!

Wanted hackers!!

Education
Servers for Hackers

Servers for Hackers

Documents
Ethereum hackers

Ethereum hackers

Documents
Hiring Hackers

Hiring Hackers

Technology
hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

hackers 2 hackers conference III · hackers 2 hackers conference III voip (in)security integrity attacks *caller-id spoofing *problem: easily spoofable/ not always checked / systems

Documents
69-2678EFS 03 - Alerts and Delta T Diagnostics with … · Alerts and Delta T Diagnostics with the Prestige® 2.0 IAQ Thermostat MOUNTING LOCATIONS Refer to the guidelines below and

69-2678EFS 03 - Alerts and Delta T Diagnostics with … · Alerts and Delta T Diagnostics with the Prestige® 2.0 IAQ Thermostat MOUNTING LOCATIONS Refer to the guidelines below and

Documents
Brain Hackers

Brain Hackers

Health & Medicine