ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: HKDOOR

Names: HKDOOR
Category: Malware
Type: Reconnaissance, Backdoor, Credential stealer, Info stealer
Description: (Cylance) The RAT comprises a backdoor and rootkit component, and once active allows for a typical set of remote commands, including:

• Gathering system information
• Grabbing screenshots and files
• Downloading additional files
• Running other processes and commands
• Listing and killing processes
• Opening Telnet and RDP servers
• Extracting Windows credentials from the current session

The sample of “Hacker’s Door” analyzed by Cylance was signed with a stolen certificate, known to be used by the Winnti APT group. Its discovery within an environment is a clear indication of a broader compromise.
Information: <https://threatvector.cylance.com/en_us/home/threat-spotlight-opening-hackers-door.html>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:hkdoor>

Last change to this tool card: 20 April 2020

All groups using tool HKDOOR

Name | Country | Observed

APT groups

APT 41 | China | 2012-Feb 2023

1 group listed (1 APT, 0 other, 0 unknown)
