
Threat Group Cards: A Threat Actor Encyclopedia

Tool: HKDOOR

Names: HKDOOR
Category: Malware
Type: Reconnaissance, Backdoor, Credential stealer, Info stealer
Description: (Cylance) The RAT comprises a backdoor and rootkit component, and once active allows for a typical set of remote commands, including:

• Gathering system information
• Grabbing screenshots and files
• Downloading additional files
• Running other processes and commands
• Listing and killing processes
• Opening Telnet and RDP servers
• Extracting Windows credentials from the current session

The sample of “Hacker’s Door” analyzed by Cylance was signed with a stolen certificate, known to be used by the Winnti APT group. Its discovery within an environment is a clear indication of a broader compromise.
Information: <https://threatvector.cylance.com/en_us/home/threat-spotlight-opening-hackers-door.html>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:hkdoor>

Last change to this tool card: 20 April 2020


All groups using tool HKDOOR

Changed | Name   | Country | Observed

APT groups

        | APT 41 | China   | 2012-Aug 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
