Naid

Naid is a trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0205
Aliases: Naid
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

NameDescription
Naid[2]

Techniques Used

DomainIDNameUse
EnterpriseT1043Commonly Used PortNaid connects to external C2 infrastructure over port 443.[2]
EnterpriseT1094Custom Command and Control ProtocolNaid connects to C2 infrastructure and establishes backdoors over a custom communications protocol.[2][3]
EnterpriseT1112Modify RegistryNaid creates Registry entries that store information about a created service and point to a malicious DLL dropped to disk.[2]
EnterpriseT1050New ServiceNaid creates a new service to establish.[2]
EnterpriseT1082System Information DiscoveryNaid collects a unique identifier (UID) from a compromised host.[2]
EnterpriseT1016System Network Configuration DiscoveryNaid collects the domain name from a compromised host.[2]

Groups

Groups that use this software:

Elderwood

References