Nightdoor

Description

(ESET) The backdoor that we have named Nightdoor (and is named NetMM by the malware authors according to PDB paths) is a late addition to Evasive Panda’s toolset. Our earliest knowledge of Nightdoor goes back to 2020, when Evasive Panda deployed it onto a machine of a high-profile target in Vietnam. The backdoor communicates with its C&C server via UDP or the Google Drive API. The Nightdoor implant from this campaign used the latter. It encrypts a Google API OAuth 2.0 token within the data section and uses the token to access the attacker’s Google Drive. We have requested that the Google account associated with this token be taken down.

Names

  • Nightdoor
  • NetMM
  • Suzafk

Category

Malware

Type

  • Backdoor

Other Information

Uuid

43a3efa0-ab8e-4404-8416-f2629a7026e3

Last Card Change

2024-12-27