Nidiran

Nidiran is a custom backdoor developed and used by Suckfly. It has been delivered via strategic web compromise. [1]

ID: S0118
Associated Software: Backdoor.Nidiran

Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1043 | Commonly Used Port | Nidiran communicates with its C2 domain over ports 443 and 8443.[2] |
| Enterprise | T1036 | Masquerading | Nidiran can create a new service named msamger (Microsoft Security Accounts Manager), which mimics the legitimate Microsoft database by the same name.[3][4] |
| Enterprise | T1050 | New Service | Nidiran can create a new service named msamger (Microsoft Security Accounts Manager).[3] |
| Enterprise | T1105 | Remote File Copy | Nidiran can download and execute files.[3] |
| Enterprise | T1032 | Standard Cryptographic Protocol | Nidiran uses RC4 to encrypt C2 traffic.[2] |

Groups

Groups that use this software:

Suckfly

References