Nidiran

Nidiran is a custom backdoor developed and used by Suckfly. It has been delivered via strategic web compromise. [1]

ID: S0118
Associated Software: Backdoor.Nidiran
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 15 April 2022

Techniques Used

Domain ID Name Use
Enterprise T1543 .003 Create or Modify System Process: Windows Service

Nidiran can create a new service named msamger (Microsoft Security Accounts Manager).[2]

Enterprise T1105 Ingress Tool Transfer

Nidiran can download and execute files.[2]

Enterprise T1036 .004 Masquerading: Masquerade Task or Service

Nidiran can create a new service named msamger (Microsoft Security Accounts Manager), which mimics the legitimate Microsoft database by the same name.[2][3]

Groups That Use This Software

ID Name References
G0039 Suckfly

[1][4]

References