สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Report

Home > List all groups > List all tools > List all groups using tool HKDOOR

Threat Group Cards: A Threat Actor Encyclopedia

Tool: HKDOOR

Names	HKDOOR
Category	Malware
Type	Reconnaissance, Backdoor, Credential stealer, Info stealer
Description	(Cylance) The RAT comprises a backdoor and rootkit component, and once active allows for a typical set of remote commands, including: • Gathering system information • Grabbing screenshots and files • Downloading additional files • Running other processes and commands • Listing and killing processes • Opening Telnet and RDP servers • Extracting Windows credentials from the current session The sample of “Hacker’s Door” analyzed by Cylance was signed with a stolen certificate, known to be used by the Winnti APT group. Its discovery within an environment is a clear indication of a broader compromise.
Information	<https://threatvector.cylance.com/en_us/home/threat-spotlight-opening-hackers-door.html>
AlienVault OTX	<https://otx.alienvault.com/browse/pulses?q=tag:hkdoor>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

Previous: Hisoka
Next: Hodur

All groups using tool HKDOOR

Changed	Name	Country	Observed
APT groups
	APT 41		2012-Aug 2024

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Report incidents

+66 (0)2-123-1227

[email protected]