NJRat (7fb493bb-756b-42a2-8f6d-59e254f4f2cc)
NJRat is a remote access trojan (RAT), first spotted in June 2013 with samples dating back to November 2012. It was developed and is supported by Arabic speakers and mainly used by cybercrime groups against targets in the Middle East. In addition to targeting some governments in the region, the trojan is used to control botnets and conduct other typical cybercrime activity. It infects victims via phishing attacks and drive-by downloads and propagates through infected USB keys or networked drives. It can download and execute additional malware, execute shell commands, read and write registry keys, capture screenshots, log keystrokes, and spy on webcams.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Kiler RAT (c01ef312-dfd6-403f-a8b5-67fc11a550a7) | RAT | NJRat (7fb493bb-756b-42a2-8f6d-59e254f4f2cc) | RAT | 1 |