HKDOOR

Description

(Cylance) The RAT comprises a backdoor and rootkit component, and once active allows for a typical set of remote commands, including:

• Gathering system information
• Grabbing screenshots and files
• Downloading additional files
• Running other processes and commands
• Listing and killing processes
• Opening Telnet and RDP servers
• Extracting Windows credentials from the current session

The sample of “Hacker’s Door” analyzed by Cylance was signed with a stolen certificate, known to be used by the Winnti APT group. Its discovery within an environment is a clear indication of a broader compromise.

Names

Name
HKDOOR

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Credential stealer
  • Info stealer

Information

Alienvault Otx

Other Information

Uuid

19d36994-3bb2-4f63-84db-15b30e3a1f2f

Last Card Change

2020-04-20