Then there is (also known as H-Worm or Bladabindi).
In Q3 2023, security researchers observed Platinum variants incorporating —meaning attackers use NjRAT as a first-stage dropper for ransomware payloads.
If you found this analysis useful, share it with your SOC team. For IoCs (Indicators of Compromise) related to the latest Platinum campaign, subscribe to our threat intelligence feed below.
Result: The victim sends crypto to the attacker, sees a valid address in the "Paste" field, and only realizes the fraud days later.

Standard NjRAT struggles with modern webcams. Platinum uses ICaptureGraphBuilder2 (DirectShow) to grab frames even when the "Webcam in use" LED is on for some older models.

Module 5: Firewall Exfiltration (Windows Defender Exclusion)

Upon execution, Platinum runs:

powershell Add-MpPreference -ExclusionPath C:\Users\Public\
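
A defender-side check for the exclusion command above, as an added example that is not part of the original article: it scans process-creation command lines (the kind recorded by Security event 4688 or Sysmon event 1) for Add-MpPreference or Set-MpPreference with -ExclusionPath and rates each excluded path. The event records, host names and the list of user-writable locations are constructed assumptions.

```python
import re

# Matches Add-/Set-MpPreference followed by the value(s) given to -ExclusionPath.
EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-ExclusionPath\s+(?P<paths>.+?)"
    r"(?=\s+-\w|\s*[;|]|$)",
    re.IGNORECASE,
)

# Assumption: locations a standard user can write to; tune for your estate.
USER_WRITABLE = ("c:\\users\\public", "c:\\programdata", "c:\\windows\\temp",
                 "\\appdata\\local\\temp", "%temp%", "$env:temp")

# Constructed process-creation records (not taken from the article).
SAMPLE_EVENTS = [
    {"host": "WS-014",
     "command_line": "powershell Add-MpPreference -ExclusionPath C:\\Users\\Public\\"},
    {"host": "WS-022",
     "command_line": "powershell.exe -NoProfile -Command \"add-mppreference "
                     "-exclusionpath 'D:\\Builds','C:\\ProgramData\\cache' -Force\""},
    {"host": "WS-031", "command_line": "powershell Get-MpPreference"},
]


def find_defender_exclusions(events):
    """Return one finding per excluded path found in the command lines."""
    findings = []
    for ev in events:
        match = EXCLUSION_RE.search(ev["command_line"])
        if not match:
            continue
        # -ExclusionPath accepts a comma-separated list, optionally quoted.
        for raw in match.group("paths").split(","):
            path = raw.strip(" '\"")
            if not path:
                continue
            risky = any(mark in path.lower() for mark in USER_WRITABLE)
            findings.append({"host": ev["host"], "path": path,
                             "severity": "high" if risky else "review"})
    return findings


if __name__ == "__main__":
    for finding in find_defender_exclusions(SAMPLE_EVENTS):
        print(finding)
```

Findings rated "review" are exclusions outside the listed locations; they still need an owner and a reason before being accepted.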