S0118 Nidiran
Nidiran is a custom backdoor developed and used by Suckfly. It has been delivered via strategic web compromise.[1]
| Item | Value |
|---|---|
| ID | S0118 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 15 April 2022 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1543 | Create or Modify System Process | - |
| enterprise | T1543.003 | Windows Service | Nidiran can create a new service named msamger (Microsoft Security Accounts Manager).[2] |
| enterprise | T1105 | Ingress Tool Transfer | Nidiran can download and execute files.[2] |
| enterprise | T1036 | Masquerading | - |
| enterprise | T1036.004 | Masquerade Task or Service | Nidiran can create a new service named msamger (Microsoft Security Accounts Manager), which mimics the legitimate Microsoft database by the same name.[2][3] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0039 | Suckfly | [1][4] |
References
1. DiMaggio, J. (2016, March 15). Suckfly: Revealing the secret life of your code signing certificates. Retrieved August 3, 2016.
2. Sponchioni, R. (2016, March 11). Backdoor.Nidiran. Retrieved August 3, 2016.
3. Microsoft. (2006, October 30). How to use the SysKey utility to secure the Windows Security Accounts Manager database. Retrieved August 3, 2016.
4. DiMaggio, J. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016.