njRAT Remote Access Trojan
First observed in 2013, njRAT (also known as Bladabindi) is a .NET-based remote access trojan that has undergone multiple revisions to improve its capability.
njRAT can be delivered through a number of methods, including; spam or phishing campaigns, drive-by-download, watering hole attacks or disguised as a legitimate application.
njRat may run silently in the background and may not provide any indication of infection to the user. Backdoor.NJRat may also disable Antivirus programs and other Microsoft Windows security features.
Once installed on a device, njRAT has the capability to:
- download and execute files
- collect system information
- obtain and transmit passwords
- edit registry keys
- create and delete processes
- open a chat window
URL’s To Block
abdalmalikessi.ddns.net
abliis.ddns.net
abyssmedia.com
alihakrz.ddns.net
aliking123.ddns.net
all2chat.systems
amerkad19.ddns.net
antih4ckers616.ddns.net
azulinh0.ddns.net
bongdacongdong.vn
by-sabotage123.duckdns.org
checkip.dyndns.org
cs-viewer.ru
darkfag1337.hopto.org
dev-point.com
diabo.ddns.net
dinnhohack.duckdns.org
dzad.ddns.net
facefouk0010.ddns.net
hakerz123.ddns.net
hakrbatna.hopto.org
helloman.ddnsking.com
lukkzhacking.ddns.net
mamidou123.ddns.net
mamoon.ddns.net
midireccionnoip.ddns.net
mstlg8.hopto.org
nosing.duckdns.org
qqaazzz.myftp.biz
reamemad33.ddns.net
ronymahmoud53.ddns.net
sos92.myftp.biz
trojanlammer.ddns.net
trojanoriginal.blogspot.com
vitimaslokas.ddns.net
wilyam30.ddns.net
windowsuport.duckdns.org
Email Addresses To Block
| admin@somesome[.]com |
| ahmoud[.]elnagar011@yahoo[.]com |
| ajohnson@rpi[.]net[.]au |
| akthabazbaz@yahoo[.]com |
| appro@openssl[.]org |
| asangokil1@gmail[.]com |
| avsupport@autoitscript[.]com |
| b[.]king684@yahoo[.]com |
| barr[.]alexsandrechambers@gmail[.]com |
| biuro@nephax[.]com |
| braddadean@gmail[.]com |
| conoilservice@gmail[.]com |
| cyber_baba2@aol[.]com |
| dgdfrt@aol[.]com |
| dhyatirlagi@gmail[.]com |
| dontplaywithme1221@gmail[.]com |
| electroniclibrary@yahoo[.]com |
| emerging-sigs@lists[.]emergingthreats[.]net |
| fahr3nh3itg3@gmail[.]com |
| fantomd12@yandex[.]ru |
| fikarabdul@gmail[.]com |
| freepowah@hotmail[.]com |
| fs@w[.]de |
| ftp@example[.]com |
| fud@india[.]com |
| gerhanaantho@gmail[.]com |
| hack4you29@gmail[.]com |
| hackeronline7861@gmail[.]com |
| hackers024@gmail[.]com |
| hakops[.]satis@gmail[.]com |
| halimawkinze@gmail[.]com |
| hanifcolep@gmail[.]com |
| hfghsdffrt@aol[.]com |
| htetaung305@gmail[.]com |
| imanagu512@gmail[.]com |
| info@fidelissecurity[.]com |
| javipatch@gmail[.]com |
| jeremyahjoel@gmail[.]com |
| jseward@bzip[.]org |
| k2ll33d@live[.]fr |
| k3rama7@fbi[.]gov |
| katie_beck@symantec[.]com |
| kenaso@tx[.]rr[.]com |
| kutsalion1@gmail[.]com |
| mozaaztec887@gmail[.]com |
| mubiace@ddns[.]net |
| mudewoto1@gmail[.]com |
| mx@w[.]gy |
| no@no[.]com |
| o@b[.]sy |
| office@assadcrimes[.]info |
| p@u[.]az |
| pbtumbal@gmail[.]com |
| pchunter@epoolsoft[.]com |
| picerscandra@gmail[.]com |
| port22cyber@gmail[.]com |
| port22exploded@gmail[.]com |
| probation[.]child@gmail[.]com |
| rezaheryawan80@gmail[.]com |
| ricoramadhan1995@gmail[.]com |
| rikudosenin56@gmail[.]com |
| robert@blackcastlesoft[.]com |
| servet06@thtmoderasyon[.]com |
| smileysdick@yahoo[.]com |
| support@abyssmedia[.]com |
| support@awinstall[.]com |
| support@nirsoft[.]net |
| suruiqiang@msn[.]com |
| tamaradara888@gmail[.]com |
| taylorgolan1@gmail[.]com |
| tdewan@zscaler[.]com |
| tharun[.]playon@gmai[.]com |
| theshant2012@gmail[.]com |
| translation@heidoc[.]net |
| undersotto93@gmail[.]com |
| vijay[.]kumar2810@gmail[.]com |
| vrpn@cs[.]unc[.]edu |
| xarilu@creazionisa[.]com |
| xredline1@gmail[.]com |
| xredline2@gmail[.]com |
| xredline3@gmail[.]com |
| y@8[.]th |
| yepee3@gmail[.]com |
| zackhyomi31@gmail[.]com |
| zehirhacker@hotmail[.]com |
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.