Njrat Campaign Using Microsoft Dev Tunnels (Thu, Feb 27th)

I spotted new Njrat[1] samples that (ab)use the Microsoft dev tunnels[2] service to connect to their C2 servers. This is a service that allows developers to expose local services to the Internet securely for testing, debugging, and collaboration. It provides temporary, public, or private URLs that enable remote access to a development environment without deploying code to production. Dev tunnels create a secure, temporary URL that maps to a local service running on your machine. They work across firewalls and NAT, and access to them can be restricted. The service is similar to the good old ngrok[3].
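A defender-side check for the abuse described above, as an added example that is not part of the original diary: it scans DNS query logs for lookups under the dev tunnels domain from hosts that are not expected to use the service. The `devtunnels.ms` suffix and the `<tunnel-id>-<port>.<region>` hostname layout are assumptions not stated on the page, and the log format, host names and allowlist are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption (not stated on the page): dev tunnel URLs live under devtunnels.ms,
# typically shaped like <tunnel-id>-<port>.<region>.devtunnels.ms.
TUNNEL_SUFFIX = ".devtunnels.ms"
ID_PORT_RE = re.compile(r"^[a-z0-9]+-(\d{1,5})$")

# Hypothetical allowlist of hosts whose owners are expected to use dev tunnels.
APPROVED_HOSTS = {"ws-dev-01"}

# Constructed sample DNS query log: "<timestamp> <client> <query name>".
SAMPLE_LOG = """\
2025-02-27T08:01:12Z ws-dev-01 abc123xy-8080.euw.devtunnels.ms
2025-02-27T08:03:40Z fin-lt-17 q7k2m9zd-9000.euw.devtunnels.ms
2025-02-27T08:03:41Z fin-lt-17 Q7K2M9ZD-9000.EUW.devtunnels.ms.
2025-02-27T08:05:02Z hr-pc-04 www.example.com
2025-02-27T08:06:19Z hr-pc-04 devtunnels.ms.example.net
2025-02-27T08:06:30Z hr-pc-04 notdevtunnels.ms
2025-02-27T08:07:55Z kiosk-02 zz81ppq4.usw2.devtunnels.ms
"""

def normalize(qname):
    """Lower-case the name and drop the trailing root dot so variants dedupe."""
    return qname.strip().rstrip(".").lower()

def parse_port(qname):
    """Return the port encoded in the leftmost label, or None if absent."""
    m = ID_PORT_RE.match(qname.split(".", 1)[0])
    return int(m.group(1)) if m else None

def find_unexpected_tunnels(log_text, approved=APPROVED_HOSTS):
    """Map each non-approved client to its distinct dev tunnel lookups."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, client, qname = fields
        qname = normalize(qname)
        # Anchoring on ".devtunnels.ms" rejects lookalikes such as
        # devtunnels.ms.example.net and notdevtunnels.ms.
        if not qname.endswith(TUNNEL_SUFFIX) or client.lower() in approved:
            continue
        hits[client].add((qname, parse_port(qname)))
    return {c: sorted(v, key=lambda t: t[0]) for c, v in hits.items()}

if __name__ == "__main__":
    for client, lookups in find_unexpected_tunnels(SAMPLE_LOG).items():
        for qname, port in lookups:
            print(f"{client}: {qname} (port in hostname: {port})")
```

In an environment where nobody is expected to use dev tunnels, pass an empty allowlist so every lookup is reported.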

This article has been indexed from SANS Internet Storm Center, InfoCON: green
