HDoor is a piece of malware that has been publicly available on Chinese forums since 2008. It has full backdoor capabilities, allowing operators to perform a wide variety of tasks on a compromised host, which makes it a potent threat to computer systems. It can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once installed, HDoor can steal personal information, disrupt operations, or even hold data hostage for ransom. The malware was notably used by Chinese groups such as Naikon and Goblin Panda.
The attacker executed HDoor with specific command-line arguments. This customized version of the Chinese HDoor backdoor has been used in several cyber-attacks. Its comprehensive backdoor capabilities let the operator perform a multitude of tasks, including stealing sensitive information and disrupting system operations. The software's public availability and its wide range of functionality make it a significant cybersecurity concern.
In addition to HDoor, the threat actor also installed other malicious software, including Cobalt Strike, Quasar RAT, Gh0stCringe (a variant of Gh0st RAT), and Winnti, a multi-functional implant capable of granting remote control over an infected machine. These tools further extend the attacker's ability to exploit and damage targeted systems, demonstrating the sophistication and broad scope of the threat actor's capabilities.
Description last updated: 2023-10-11T02:30:05.308Z