Malware: RGDoor

Description

[RGDoor](https://attack.mitre.org/software/S0258) is a malicious Internet Information Services (IIS) backdoor developed in the C++ language. [RGDoor](https://attack.mitre.org/software/S0258) has been seen deployed on webservers belonging to the Middle East government organizations. [RGDoor](https://attack.mitre.org/software/S0258) provides backdoor access to compromised IIS servers. (Citation: Unit 42 RGDoor Jan 2018)

External References

• mitre-attack
• Unit 42 RGDoor Jan 2018

Techniques Used by This Malware

• T1033 — System Owner/User Discovery
• T1059.003 — Windows Command Shell
• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1140 — Deobfuscate/Decode Files or Information
• T1505.004 — IIS Components
• T1560.003 — Archive via Custom Method

APT Groups Using This Malware

• OilRig