Njrat Campaign Using Microsoft Dev Tunnels
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A new Njrat malware campaign has been detected utilizing Microsoft's dev tunnels service for command and control (C2) communication. This service, designed for developers to securely expose local services to the internet, is being exploited by the malware to establish connections with C2 servers. Two samples were identified with different dev tunnel URLs but identical Import Hashes. The malware sends status updates to the C2 server and can potentially propagate through USB devices. A configuration file extracted from one sample reveals details about the C2 server, ports, and botnet name. The article suggests monitoring DNS logs for 'devtunnels.ms' as a defensive measure against this threat.
OPENCTI LABELS :
njrat,malware campaign,c2 communication,usb propagation,microsoft dev tunnels
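
The DNS-log check suggested in the summary, as an added example that is not from the original article: it matches `devtunnels.ms` on a label boundary, so look-alike names are not flagged, and groups hits by querying client. The log format, the sample lines and the `known_dev_hosts` allowlist are assumptions constructed for illustration.

```python
from collections import defaultdict

SUFFIX = "devtunnels.ms"  # domain named in the summary

# Constructed sample lines; assumed format: timestamp client_ip qname qtype
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.15 tunnel-a.region1.devtunnels.ms. A
2025-01-01T10:00:02Z 10.0.0.15 www.example.com. A
2025-01-01T10:00:05Z 10.0.0.22 TUNNEL-B.REGION1.DEVTUNNELS.MS A
2025-01-01T10:00:07Z 10.0.0.30 notdevtunnels.ms. A
2025-01-01T10:00:09Z 10.0.0.30 devtunnels.ms.example.net. A
2025-01-01T10:00:11Z 10.0.0.40 tunnel-c.region2.devtunnels.ms. AAAA
malformed line
"""


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def is_devtunnel(qname: str) -> bool:
    """True if qname is devtunnels.ms or a subdomain of it (label-boundary match)."""
    name = normalize(qname)
    return name == SUFFIX or name.endswith("." + SUFFIX)


def find_devtunnel_clients(lines, known_dev_hosts=()):
    """Map client IP -> sorted dev tunnel names it queried.

    known_dev_hosts is a hypothetical allowlist of developer machines
    that are expected to use the service and are skipped.
    """
    hits = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) < 4:  # skip malformed or truncated records
            continue
        _ts, client, qname, _qtype = fields[:4]
        if client not in known_dev_hosts and is_devtunnel(qname):
            hits[client].add(normalize(qname))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    found = find_devtunnel_clients(SAMPLE_LOG.splitlines(), {"10.0.0.40"})
    for client, names in found.items():
        print(client, ", ".join(names))
```

Dev tunnels is a legitimate developer service, so a hit is a lead to triage against the hosts expected to use it rather than proof of infection.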