Ninja

Description

(Kaspersky) Based on the code logic, it appears that Ninja is a collaborative tool allowing multiple operators to work on the same machine simultaneously. It provides a large set of commands, which allow the attackers to control remote systems, avoid detection and penetrate deep inside a targeted network. Some capabilities are similar to those provided in other notorious post-exploitation toolkits. For example, Ninja has a feature like Cobalt Strike pivot listeners, which can limit the number of direct connections from the targeted network to the remote C2 and control systems without internet access. It also provides the ability to control the HTTP indicators and camouflage malicious traffic in HTTP requests that appear legitimate by modifying HTTP headers and URL paths. This feature provides functionality that reminds us of the Cobalt Strike Malleable C2 profile.

Names

Name
Ninja

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Loader
  • Tunneling

Information

Mitre Attack

Other Information

Uuid

e92858ba-2397-47a2-8861-a72cecfbb672

Last Card Change

2024-06-19