Nightdoor

Malware Profile Updated 2 months ago
Nightdoor is a backdoor first observed in 2020 and attributed to Evasive Panda, a China-aligned advanced persistent threat (APT) group. It communicates with a command-and-control (C2) server, through which operators issue commands, exfiltrate data from the host, and open a reverse shell, giving them effectively unrestricted access to the compromised machine. Nightdoor has been deployed alongside MgBot, a backdoor used exclusively by Evasive Panda, and the range of attack vectors the two implants give the group makes it technically significant despite its relatively small size.

Evasive Panda has been observed targeting Tibetans in several countries and territories with payloads that included Nightdoor. The group used a mix of known and previously undocumented tools, including Nightdoor and MgBot, in a campaign that combined a watering-hole compromise (infecting visitors to specific websites from selected geographies, with payloads for both Windows and macOS) with a supply-chain attack that distributed trojanized software; the lures were tied to the Monlam Festival. The attackers deploy droppers and backdoors such as Nightdoor and MgBot to take control of victims' systems. What information the group is after remains unclear, but once the backdoors are installed the operators have unrestricted access to the victims' data.

In summary, Nightdoor is a significant threat because of its capabilities and the variety of attack vectors it enables, and its use in targeted campaigns against Tibetans illustrates the continuing sophistication of China-linked cyber-espionage. As the latest major addition to Evasive Panda's toolkit, Nightdoor has also been used against several networks in East Asia, indicating a broadening scope for the group.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
svchost.exe | 1 | Svchost.exe is the name of the legitimate Windows Service Host process, which malware frequently impersonates or injects malicious code into. The profile describes a program that can infiltrate a system through suspicious downloads, emails, or websites, often without the user's knowledge, and that once inside can steal personal information, di
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Evasive
Eset
Windows
Apt
Malware
Downloader
Macos
Dropper
Implant
Payload
Loader
Proxy
Hackread
Associated Malware
ID | Type | Votes | Profile Description
MgBot | Unspecified | 3 | MgBot is a sophisticated malware used exclusively by the threat actor group known as Evasive Panda. This malicious software, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computer systems without the user's knowledge. Once inside, M
Associated Threat Actors
ID | Type | Votes | Profile Description
Evasive Panda | Unspecified | 3 | Evasive Panda, also known as BRONZE HIGHLAND and Daggerfly, is a threat actor group believed to be aligned with China. This group has been involved in a series of cyberespionage campaigns targeting Tibetans globally, starting from September 2023 or earlier. The group's operations have impacted syste
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Nightdoor malware was read from the documents in the corpus below (display limited to 20 results).
Source | Created | Title
DARKReading | 4 months ago | China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
CERT-EU | 4 months ago | Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 4 months ago | China State-Sponsored Spies Hack Site and Target User Systems in Asia
CERT-EU | 4 months ago | APT attacks taking aim at Tibetans – Week in security with Tony Anscombe
CERT-EU | 4 months ago | Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor
CERT-EU | 4 months ago | China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 4 months ago | Cyber Security Week in Review: March 8, 2024
InfoSecurity-magazine | 4 months ago | Evasive Panda Targets Tibet With Trojanized Software
CERT-EU | 4 months ago | Evasive Panda leverages Monlam Festival to target Tibetans