Ninja
MITREOther
Unknown
Unknown
[Ninja](https://attack.mitre.org/software/S1100) is a malware developed in C++ that has been used by [ToddyCat](https://attack.mitre.org/groups/G1022) to penetrate networks and control remote systems since at least 2020. [Ninja](https://attack.mitre.org/software/S1100) is possibly part of a post exploitation toolkit exclusively used by [ToddyCat](https://attack.mitre.org/groups/G1022) and allows multiple operators to work simultaneously on the same machine. [Ninja](https://attack.mitre.org/software/S1100) has been used against government and military entities in Europe and Asia and observed in specific infection chains being deployed by [Samurai](https://attack.mitre.org/software/S1099).(Citation: Kaspersky ToddyCat June 2022)
Tecniche Associate (28)
| ID | ATT&CK | Tattiche |
|---|---|---|
| T1001 | Data Obfuscation | - |
| T1001.003 | Protocol or Service Impersonation | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1027.015 | Compression | - |
| T1029 | Scheduled Transfer | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1055 | Process Injection | - |
| T1057 | Process Discovery | - |
| T1070.006 | Timestomp | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1090.001 | Internal Proxy | - |
| T1090.003 | Multi-hop Proxy | - |
Usato da Attori (1)
Metadata
| ID: | 7 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 04:00 |