Home/njRAT/IOCs
IOCs

Indicators for njRAT

62 indicators · scoped to malware families · back to njRAT
Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this tool uses. All indicators are defanged for safe handling.

Indicators

62 of 62
url
hxxps://github.com/demarcusnofatherington420-a11y/ScriptInstaller/raw/refs/heads/main/Puls
family njRAT source urlhaus first seen 2026-04-09 06:18:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/demarcusnofatherington420-a11y/RickOwens/raw/refs/heads/main/Pulsar-Cli
family njRAT source urlhaus first seen 2026-04-09 06:17:09 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
decc8cd1ba84392f1054e0d1394f4f0a9f64b7fa
family njrat source sslbl first seen 2026-04-09 05:42:43
VirusTotalOTX
sslbl_sha1
8cbc88ff795519ad5ad074eb520438922f8d3773
family njrat source sslbl first seen 2026-04-09 05:42:43
VirusTotalOTX
sslbl_sha1
f978cf56a838e9821b699784c9650a0baacdb528
family njrat source sslbl first seen 2026-03-30 06:46:12
VirusTotalOTX
sslbl_sha1
80bcab6a0fbe3162130168bd93efc26fd3ec6490
family njrat source sslbl first seen 2026-03-30 06:46:10
VirusTotalOTX
url
hxxp://196.251.107.24/n743.exe
family njRAT source urlhaus first seen 2026-03-17 15:44:06 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://85.137.253.58:9000/csrss.exe
family njRAT source urlhaus first seen 2026-03-10 15:56:08 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://216.126.239.100/bt/svchost.exe
family njRAT source urlhaus first seen 2026-03-08 09:44:15 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.156.102.255/files/coolfile.exe
family njRAT source urlhaus first seen 2026-03-06 14:50:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.156.102.255/files/mswincryptographdata.exe
family njRAT source urlhaus first seen 2026-03-06 14:50:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.156.102.255/files/totallynotavirus.exe
family njRAT source urlhaus first seen 2026-03-06 14:50:09 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/stevencohn8888-max/ghghg/refs/heads/main/SECURE.Ps1
family njRAT source urlhaus first seen 2026-02-23 19:04:06 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/stevencohn8888-max/ghjjhj/refs/heads/main/ENCRYPT.Ps1
family njRAT source urlhaus first seen 2026-02-23 19:04:05 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/stevencohn8888-max/NEW8933/refs/heads/main/SECURE.Ps1
family njRAT source urlhaus first seen 2026-02-23 19:02:05 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
75f7cde979b32caa86130131435763d5f78cca06
family njrat source sslbl first seen 2025-06-16 12:06:56
VirusTotalOTX
sslbl_sha1
916509400d6f6be6c1e7bb743eec65fbe09dde21
family njrat source sslbl first seen 2025-06-11 19:58:24
VirusTotalOTX
url
hxxps://github.com/cybertoxin/Remcos-Professional-Cracked-By-Alcatraz3222/raw/master/Remco
family njRAT source urlhaus first seen 2025-06-10 08:38:16 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/iluxa94/-3-/main/%D0%A4%D0%BE%D1%80%D0%BC%D0%B0%203%D0%9
family njRAT source urlhaus first seen 2025-06-04 20:18:05 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/iluxa94/-3-/refs/heads/main/%D0%A4%D0%BE%D1%80%D0%BC%D0%
family njRAT source urlhaus first seen 2025-02-10 17:48:07 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/ff245185/payload/raw/refs/heads/main/Fast%20Download.exe
family njRAT source urlhaus first seen 2025-01-30 00:50:07 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/Grozniy1/folder/raw/refs/heads/main/444.exe
family njRAT source urlhaus first seen 2025-01-30 00:50:07 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/ff245185/payload/refs/heads/main/Fast%20Download.exe
family njRAT source urlhaus first seen 2024-12-18 07:19:20 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/Grozniy1/folder/refs/heads/main/444.exe
family njRAT source urlhaus first seen 2024-12-18 07:19:16 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://github.com/Grozniy1/folder/raw/refs/heads/main/444.exe
family njRAT source urlhaus first seen 2024-12-16 07:51:33 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://github.com/ff245185/payload/raw/refs/heads/main/Fast%20Download.exe
family njRAT source urlhaus first seen 2024-12-16 07:51:11 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
8765d36a75e38174fd744d91deef9f3432b3f0d6
family njrat source sslbl first seen 2024-12-08 08:03:33
VirusTotalOTX
url
hxxps://raw.githubusercontent.com/Da2dalus/The-MALWARE-Repo/refs/heads/master/RAT/NJRat.ex
family njRAT source urlhaus first seen 2024-10-23 06:57:05 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/ff245185/payload/main/Fast%20Download.exe
family njRAT source urlhaus first seen 2024-10-16 16:38:45 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://raw.githubusercontent.com/Grozniy1/folder/main/444.exe
family njRAT source urlhaus first seen 2024-10-16 16:38:42 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://github.com/Da2dalus/The-MALWARE-Repo/blob/master/RAT/NJRat.exe?raw=true
family njRAT source urlhaus first seen 2024-10-16 16:37:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
66b40d248f57b2b2422f3300d15fd11076f47e6a
family njrat source sslbl first seen 2024-10-16 06:26:35
VirusTotalOTX
sslbl_sha1
003becd9037138c2ba7185abc0da32677c7ebef5
family njrat source sslbl first seen 2024-01-12 09:57:01
VirusTotalOTX
sslbl_sha1
327bb0d9abdff7b4c0ac35341275435104b5d5bf
family njrat source sslbl first seen 2021-02-12 07:45:13
VirusTotalOTX
sslbl_sha1
6dc62ba3d443223e31c419bc41882902663d5833
family njrat source sslbl first seen 2021-01-18 06:53:30
VirusTotalOTX
sslbl_sha1
ecbcd841f33ec6a40a26f3ff77e0e18f8a7e4949
family njrat source sslbl first seen 2019-07-04 06:38:45
VirusTotalOTX
url
hxxp://static.ilclock.com/gcld/updates_tw/gcmgr_tw.exe
family njRAT source urlhaus first seen 2019-01-25 08:53:17 UTC
VirusTotalurlscanOTXURLhausPulsedive
domain
k7elan-43083[.]portmap[.]host
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
1brainfix[.]ddns[.]net
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
test[.]accendente[.]tn
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
2ffahbg8eydhr96hx3x2lje2ymygt5iq[.]duckdns[.]org
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
shadownbr[.]ddns[.]net
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
ricardotro[.]duckdns[.]org
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
rjnfjrtc[.]pwrp[.]cc
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
rdntotoso[.]ddns[.]net
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]two-i[.]com
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]researchinstitute[.]io
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
kad77[.]duckdns[.]org
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
googlednsv1[.]gleeze[.]com
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
same53-51830[.]portmap[.]host
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]classofcovid[.]org
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
stoneaged[.]ddns[.]net
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]clubmilanovolley[.]com
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]marthasvineyardfitness[.]com
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
fuck-life007[.]no-ip[.]biz
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]flyingdiscranchdates[.]com
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
hacker[.]two-i[.]com
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]www[.]cathedrale-images[.]com
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
phishing[.]xoilacane[.]live
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
mangy10[.]ddns[.]net
family NjRAT source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
141[.]94[.]45[.]153:34951
family NjRAT source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
213[.]109[.]192[.]63:44549
family NjRAT source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
Showing 1-62 of 62
Prev 1 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh