Tag: njRAT

IOCs: 92.53.120.207 – good.chronic.news – RIG-v EK 79.134.225.49 – hpservice.zapto.org – Post-infection traffic via TCP port 5044 DNS query for hpservice.zapto.org, response from authoritative NS: nf1.no-ip.com nf2.no-ip.com nf3.no-ip.com nf4.no-ip.com Traffic: Hashes: SHA256: 7334e5f058f0ae9a0bbe073da49bb155255855705907ea84fa40098994ba3c27 File name: Flash Exploit RIG-v.swf SHA256: 51ce2615b3b0784f55d03d1ba3f77d13aaca40931c72df750b0e298edaf6e3c4 File name: ETTYUADAF SHA256: 01028a0702188f86b8c743cb3af891073df63310e4f3013ae7aeba0aee01e40e File name: rad94DC8.tmp.exe, drivupdater.exe Hybrid-Analysis Submission Infection Chain: I have ...