S0118 Nidiran

Nidiran is a custom backdoor developed and used by Suckfly. It has been delivered via strategic web compromise. [1]

| Item | Value |
| --- | --- |
| ID | S0118 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 15 April 2022 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1543 | Create or Modify System Process | - |
| enterprise | T1543.003 | Windows Service | Nidiran can create a new service named msamger (Microsoft Security Accounts Manager). [2] |
| enterprise | T1105 | Ingress Tool Transfer | Nidiran can download and execute files. [2] |
| enterprise | T1036 | Masquerading | - |
| enterprise | T1036.004 | Masquerade Task or Service | Nidiran can create a new service named msamger (Microsoft Security Accounts Manager), which mimics the legitimate Microsoft database by the same name. [2][3] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0039 | Suckfly | [1][4] |

References
