HDoor

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
HDoor is a malicious software (malware) that has been publicly available in Chinese forums since 2008. This malware, equipped with full backdoor capabilities, allows operators to perform a variety of tasks, making it a potent threat to computer systems. It can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once infiltrated, HDoor can steal personal information, disrupt operations, or even hold data hostage for ransom. The malware was notably used by Chinese groups like Naikon and Goblin Panda. The attacker executed HDoor using specific command line arguments. This customized version of the Chinese backdoor HDoor has been utilized in several cyber-attacks. Its comprehensive backdoor capabilities enable the operator to perform a multitude of tasks, including stealing sensitive information and disrupting system operations. The software's public availability and its wide range of functionalities make it a significant cybersecurity concern. In addition to HDoor, the threat actor also installed other malicious software such as Cobalt Strike, Quasar RAT, Gh0stCringe - a variant of Gh0st RAT, and Winnti, a multi-functional implant capable of granting remote control to an infected machine. These tools further enhance the attacker's ability to exploit and damage targeted systems, demonstrating the sophistication and broad scope of the threat actor's capabilities.
What's your take? (Question 1 of 0)
28f40b8f-494a-4224-bbfd-2b5a1d1d9bf8 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the HDoor Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Unit42
8 months ago
Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus
CERT-EU
8 months ago
New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government