Malware: Nightdoor

Description

[Nightdoor](https://attack.mitre.org/software/S1147) is a backdoor exclusively associated with [Daggerfly](https://attack.mitre.org/groups/G1034) operations. [Nightdoor](https://attack.mitre.org/software/S1147) uses common libraries with [MgBot](https://attack.mitre.org/software/S1146) and [MacMa](https://attack.mitre.org/software/S1016), linking these malware families together.(Citation: ESET EvasivePanda 2024)(Citation: Symantec Daggerfly 2024)

External References

• mitre-attack
• ESET EvasivePanda 2024
• Symantec Daggerfly 2024

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1033 — System Owner/User Discovery
• T1053.005 — Scheduled Task
• T1057 — Process Discovery
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1071 — Application Layer Protocol
• T1082 — System Information Discovery
• T1102 — Web Service
• T1124 — System Time Discovery
• T1140 — Deobfuscate/Decode Files or Information
• T1497.001 — System Checks
• T1574 — Hijack Execution Flow

APT Groups Using This Malware

• Daggerfly