Names | Ninja
Category | Malware
Type | Reconnaissance, Backdoor, Loader, Tunneling
Description | (Kaspersky) Based on the code logic, it appears that Ninja is a collaborative tool allowing multiple operators to work on the same machine simultaneously. It provides a large set of commands, which allow the attackers to control remote systems, avoid detection and penetrate deep inside a targeted network. Some capabilities are similar to those provided in other notorious post-exploitation toolkits. For example, Ninja has a feature like Cobalt Strike pivot listeners, which can limit the number of direct connections from the targeted network to the remote C2 and control systems without internet access. It also provides the ability to control the HTTP indicators and camouflage malicious traffic in HTTP requests that appear legitimate by modifying HTTP header and URL paths. This feature provides functionality that reminds us of the Cobalt Strike Malleable C2 profile.
Information | <https://securelist.com/toddycat/106799/>
MITRE ATT&CK | <https://attack.mitre.org/software/S1100>
Last change to this tool card: 19 June 2024
Changed | Name | Country | Observed
APT groups
| ToddyCat | | 2020-2021
1 group listed (1 APT, 0 other, 0 unknown)