Nidiran

Malware Profile Updated 3 months ago
Nidiran is a backdoor used by Suckfly, an advanced threat group (see Associated Threat Actors below), and was delivered to victims through a strategic web compromise. Once installed, the backdoor gave Suckfly a foothold on the victim's internal hosts and let the group collect information about the compromised organization; whether Suckfly went on to steal additional data remains unclear.

In the documented intrusion, on April 22, 2015, Suckfly exploited a vulnerability in the targeted employee's Windows operating system. The exploit allowed the attackers to bypass User Account Control (UAC) and install the Nidiran backdoor, which gave them the access they needed for the rest of the attack. Nidiran was delivered as a self-extracting executable that, when run, extracted its components to a .tmp folder. This delivery method fits Suckfly's established modus operandi: a combination of hacktools and custom backdoors such as Nidiran, used to reach the group's objectives.

Analysis of Suckfly malware samples recovered some of the communications between the Nidiran backdoor and Suckfly's command-and-control (C&C) domains. The C&C domain and port were not read from an external configuration: they were encrypted and hardcoded in the Nidiran binary itself, so they do not appear as plaintext strings in a sample. Even so, the analysis of these samples gives useful insight into the tactics, techniques, and procedures Suckfly employs and supports the development of more effective defenses against its intrusions.
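The encrypted, hardcoded C&C configuration described above is the reason a plain strings dump of a sample does not reveal the C&C domain or port. The Python script below is an added example, not code from Symantec, MITRE or Cybergeist, and it does not reproduce Nidiran's actual encryption scheme (which this page does not describe). It runs two generic first-pass triage techniques an analyst applies to locate such a configuration in a binary image: a sliding-window Shannon entropy scan that flags candidate encrypted or packed regions, and a single-byte XOR sweep that looks for decoded host:port strings, since single-byte XOR is the cheapest obfuscation and does not raise entropy at all. The image it scans is constructed inline as a stand-in; the hostname `update.constructed-example.test`, port 8443, XOR key 0x5A and the repeated-permutation "ciphertext" blob are all invented for the demonstration.

```python
"""Added example: first-pass triage for a hardcoded, encrypted C2 configuration.

Two generic techniques, neither specific to Nidiran (whose real scheme is not
documented on this page):
  1. sliding-window Shannon entropy to flag encrypted/packed regions, and
  2. a single-byte XOR sweep that looks for host:port strings.
The binary image scanned here is constructed in build_constructed_image().
"""
import math
import re
from typing import List, Tuple

# hostname (one or more labels, then an alphabetic TLD) followed by :port
HOST_PORT_RE = re.compile(rb"((?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}):([1-9][0-9]{0,4})")


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 when all
    256 byte values occur equally often."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def find_high_entropy_regions(data: bytes, window: int = 256, step: int = 64,
                              threshold: float = 7.0) -> List[Tuple[int, int, float]]:
    """Slide a window across `data` and merge overlapping windows whose entropy
    reaches `threshold`. Returns (start, end, max_entropy) spans. Machine code and
    ASCII tables usually sit at 4-6 bits/byte; compressed, packed or encrypted
    blobs approach 8."""
    regions: List[Tuple[int, int, float]] = []
    cur = None
    for off in range(0, max(1, len(data) - window + 1), step):
        h = shannon_entropy(data[off:off + window])
        if h < threshold:
            continue
        if cur is not None and off <= cur[1]:      # overlaps the open span: extend it
            cur = (cur[0], off + window, max(cur[2], h))
        else:
            if cur is not None:
                regions.append(cur)
            cur = (off, off + window, h)
    if cur is not None:
        regions.append(cur)
    return regions


def xor_sweep(data: bytes) -> List[Tuple[int, int, str, int]]:
    """Decode the whole image under every single-byte XOR key 0x01..0xFF and
    collect (key, offset, host, port) for anything that looks like a C2 endpoint.
    bytes.translate() performs the XOR in C, so 255 passes are cheap."""
    hits = []
    for key in range(1, 256):
        decoded = data.translate(bytes(i ^ key for i in range(256)))
        for m in HOST_PORT_RE.finditer(decoded):
            port = int(m.group(2))
            if port <= 65535:
                hits.append((key, m.start(), m.group(1).decode("ascii"), port))
    return hits


def build_constructed_image() -> Tuple[bytes, int, int]:
    """Constructed stand-in for a malware image (not a real sample). Returns the
    image plus the offsets of the XOR-obfuscated config and the 'encrypted' blob."""
    code = b"\x55\x8b\xec\x83\xec\x10\x90\xc3" * 256           # low-entropy filler
    strings = b"kernel32.dll\x00GetProcAddress\x00CreateFileA\x00" + b"\x00" * 32
    # hypothetical C2 endpoint hidden with a single-byte XOR (key 0x5A is invented)
    xor_cfg = bytes(b ^ 0x5A for b in b"update.constructed-example.test:8443\x00")
    # stand-in for a ciphertext blob: a byte permutation repeated twice, so every
    # 256-byte window holds each byte value exactly once (entropy exactly 8.0)
    perm = bytes((167 * i + 13) & 0xFF for i in range(256))    # 167 is odd -> bijection
    enc_blob = perm + perm
    xor_off = len(code) + len(strings)
    enc_off = xor_off + len(xor_cfg) + 64
    image = code + strings + xor_cfg + b"\x00" * 64 + enc_blob + code
    return image, xor_off, enc_off


if __name__ == "__main__":
    image, xor_off, enc_off = build_constructed_image()
    for start, end, h in find_high_entropy_regions(image):
        print(f"high-entropy region 0x{start:x}-0x{end:x} (max {h:.2f} bits/byte)")
    for key, off, host, port in xor_sweep(image):
        print(f"xor key 0x{key:02x} @ 0x{off:x}: {host}:{port}")
```

The two passes are complementary: the entropy scan finds the permutation blob but is blind to the XOR-obfuscated endpoint (single-byte XOR leaves the byte distribution unchanged), while the XOR sweep recovers that endpoint but says nothing about the blob. In practice the flagged high-entropy span is what gets handed to a debugger or emulator to find the routine that decrypts it, which is the step this page's description of Nidiran implies Symantec's analysts performed.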
Possible Aliases / Cluster overlaps
No overlapping names or profiles to display
Miscellaneous Associations (context keywords): Exploit, exploited, Vulnerability, Windows, Malware
Associated Malware
No associations to display
Associated Threat Actors
Suckfly (type: Unspecified; 1 vote): Suckfly, an advanced threat group, has been identified as conducting targeted attacks using multiple stolen certificates, hacktools, and custom malware. This group is not the only one to use certificates to sign malware, but they are possibly the most prolific collectors of them. The group's broad a
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Nidiran malware was read from the documents corpus below.
Source: MITRE; created a year ago; title: Endpoint Protection - Symantec Enterprise
Source: MITRE; created a year ago; title: Endpoint Protection - Symantec Enterprise