Backdoor
| 27.03.2026 | BPFdoor | The strategic positioning of covert access within the world’s telecommunication networks | MALWARE | BACKDOOR |
| 15.03.2026 | A0Backdoor | New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering | MALWARE | BACKDOOR |
| 27.02.2026 | Rekoobe Backdoor | Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor | MALWARE | BACKDOOR |
| 27.02.2026 | Dohdoor | New Dohdoor malware campaign targets education and health care | MALWARE | BACKDOOR |
| 18.02.2026 | Keenadu | Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets | MALWARE | BACKDOOR |
| 15.02.2026 | WAVESHAPER | C++ backdoor that runs as a background daemon, collects host system information, communicates with C2 over HTTP/HTTPS using curl, and downloads and executes follow-on payloads. | MALWARE | BACKDOOR |
| 15.02.2026 | HIDDENCALL | Golang-based backdoor reflectively injected by HYPERCALL that provides hands-on keyboard access, supports command execution and file operations, and deploys additional malware. | MALWARE | BACKDOOR |
| 15.02.2026 | SILENCELIFT | Minimal C/C++ backdoor that beacons host information and lock screen status to a hard-coded C2 server and can interrupt Telegram communications when executed with root privileges. | MALWARE | BACKDOOR |
| 03.02.2026 | Chrysalis Backdoor | The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit | MALWARE | BACKDOOR |
| 17.01.2026 | LOTUSLITE | LOTUSLITE: Targeted espionage leveraging geopolitical themes | MALWARE | BACKDOOR |
| 17.12.2025 | Effluence | Remediating Atlassian Confluence servers fails to thwart Effluence backdoor | MALWARE | BACKDOOR |
| 17.12.2025 | RCE backdoor | 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | MALWARE | BACKDOOR |
| 12.12.2025 | NANOREMOTE | The fully-featured backdoor we call NANOREMOTE shares characteristics with malware described in REF7707 and is similar to the FINALDRAFT implant. | MALWARE | BACKDOOR |
| 12.12.2025 | PeerBlight | PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182 | MALWARE | BACKDOOR |
| 07.12.2025 | Vshell | A backdoor commonly used by Chinese hacking groups for remote access, post-exploitation activity, and to move laterally through a compromised network. | MALWARE | Backdoor |
| 05.12.2025 | BRICKSTORM Backdoor | The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) assess People’s Republic of China (PRC) state-sponsored cyber actors are using BRICKSTORM malware for long-term persistence on victim systems. V | MALWARE | BACKDOOR |
| 04.11.2025 | SesameOp | SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | MALWARE | Backdoor |
| 01.11.2025 | gokcpdoor | The sophisticated campaign, observed by Sophos, involved the exploitation of CVE-2025-61932 to deliver a known backdoor referred to as | MALWARE | Backdoor |
| 26.10.2025 | Oyster | Rhysida using Oyster Backdoor to deliver ransomware | MALWARE | Backdoor |
| 22.10.2025 | PolarEdge | Defrosting PolarEdge’s Backdoor | MALWARE | Backdoor |
| 04.10.2025 | Oyster/Broomstick | Arctic Wolf has observed a search engine optimization (SEO) poisoning and malvertising campaign promoting malicious websites hosting trojanized versions of legitimate IT tools such as PuTTY and WinSCP. | MALWARE | Backdoor |
| 03.10.2025 | Postmark | First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails | MALWARE | Backdoor |
| 27.09.2025 | RainyDay | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking | MALWARE | Backdoor |
| 25.09.2025 | BRICKSTORM | Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | MALWARE | BACKDOOR |
| 24.09.2025 | YiBackdoor | YiBackdoor: A New Malware Family With Links to IcedID and Latrodectus | MALWARE | BACKDOOR |
| 12.09.2025 | VBShower | The script uses the same method to erase both its own contents and the contents of the VBShower Launcher copy, which is used solely for the malware’s first run. | MALWARE | BACKDOOR |
| 05.09.2025 | GhostRedirector | GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes | MALWARE | Backdoor |
| 22.08.2025 | CORNFLAKE.V3 | A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor | MALWARE | Backdoor |
| 14.08.2025 | PS1Bot | Malvertising campaign leads to PS1Bot, a multi-stage malware framework | MALWARE | Backdoor |
| 16.07.2025 | HazyBeacon | Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication | MALWARE | BACKDOOR |
| 05.07.2025 | Chisel | Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. | MALWARE | Backdoor |
| 27.06.2025 | ToneShell | ToneShell Backdoor Used to Target Attendees of the IISS Defence Summit | MALWARE | BACKDOOR |
| 18.05.2025 | XRed | XRed Backdoor: The Hidden Threat in Trojanized Programs | MALWARE | Backdoor |
| 01.05.2025 | Sheriff | IBM X-Force discovers new Sheriff Backdoor used to target Ukraine | MALWARE | Backdoor |
| 16.04.2025 | BPFDoor | BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets | MALWARE | Backdoor |
| 02.04.2025 | Anubis Backdoor | The Savage Ladybug, also known as FIN7, has developed a new, mildly obfuscated Python-based backdoor called Anubis Backdoor. | MALWARE | Backdoor |
| 01.04.2025 | DarkWisp backdoor | To achieve persistence on infected systems, Water Gamayun employs two distinct backdoors in their campaigns. | MALWARE | Backdoor |
| 01.04.2025 | SilentPrism backdoor | SilentPrism is a backdoor malware designed to achieve persistence, dynamically execute shell commands, and maintain unauthorized remote control of compromised systems. | MALWARE | Backdoor |
| 22.02.2025 | NailaoLocker | Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors | MALWARE | Backdoor |
| 22.02.2025 | Shadowpad | Updated Shadowpad Malware Leads to Ransomware Deployment | MALWARE | Backdoor |
| 18.02.2025 | DEATHLOTUS | A passive CGI backdoor that supports file creation and command execution | MALWARE | Backdoor |
| 18.02.2025 | CUNNINGPIGEON | A backdoor that uses Microsoft Graph API to fetch commands – file and process management, and custom proxy – from mail messages | MALWARE | Backdoor |
| 18.02.2025 | SHADOWGAZE | A passive backdoor reusing listening port from IIS web server | MALWARE | Backdoor |
| 18.02.2025 | Golang Backdoor | Telegram Abused as C2 Channel for New Golang Backdoor | MALWARE | Backdoor |
| 10.02.2025 | Sliver | Not-so-SimpleHelp exploits enabling deployment of Sliver backdoor | MALWARE | Backdoor |
| 25.01.2025 | TorNet | New TorNet backdoor seen in widespread campaign | MALWARE | Backdoor |
| 21.12.2024 | CookiePlus Malware | Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware | MALWARE | Backdoor |
| 18.12.2024 | FLUX#CONSOLE | Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads | MALWARE | Backdoor |
| 16.12.2024 | Glutton | Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals | MALWARE | BACKDOOR |
| 16.12.2024 | Melofee | New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9 | MALWARE | BACKDOOR |
| 14.12.2024 | Yokai | New Yokai Side-loaded Backdoor Targets Thai Officials | MALWARE | BACKDOOR |
| 11.12.2024 | Kazuar | Upgraded Kazuar Backdoor Offers Stealthy Power | MALWARE | BACKDOOR |
| 27.09.2024 | FPSpy | Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy | MALWARE | BACKDOOR |
| 18.09.2024 | MISTPEN | An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader | MALWARE | Backdoor |
| 09.09.2024 | Loki | Loki: a new private agent for the popular Mythic framework | MALWARE | Backdoor |
| 05.09.2024 | KTLVdoor | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion | MALWARE | Backdoor |
| 30.08.2024 | Masquerades | Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool | MALWARE | Backdoor |
| 30.08.2024 | noMu Backdoor | APT Attack Case Analysis Report Using noMu Backdoor | MALWARE | Backdoor |
| 23.08.2024 | FM11RF08S | MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors | MALWARE | Backdoor |
| 07.08.2024 | GoGra | Cloud Cover: How Malicious Actors Are Leveraging Cloud Services | MALWARE | Backdoor |
| 05.08.2024 | StormBamboo | StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms | MALWARE | Backdoor |
| 03.08.2024 | BITSLOTH | BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor | MALWARE | Backdoor |
| 20.07.2024 | BUGSLEEP | BugSleep is a backdoor designed to execute the threat actors’ commands and transfer files between the compromised machine and the C&C server. | MALWARE | Backdoor |
| 16.07.2024 | BUGSLEEP | NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS | MALWARE | Backdoor |
| 03.07.2024 | HappyDoor | Kimsuky Group's New Backdoor Appears (HappyDoor) | MALWARE | Backdoor |
| 03.07.2024 | Xctdoor | Xctdoor Malware Used in Attacks Against Korean Companies (Andariel) | MALWARE | Backdoor |
| 17.06.2024 | BadSpace | Backdoor BadSpace delivered by high-ranking infected websites | MALWARE | Backdoor |
| 13.06.2024 | WARMCOOKIE | Dipping into Danger: The WARMCOOKIE backdoor | MALWARE | Backdoor |
| 11.06.2024 | More_eggs | More_eggs Activity Persists Via Fake Job Applicant Lures | MALWARE | Backdoor |
| 18.05.2024 | Springtail | More than one legitimate software package was modified to deliver malware in North Korean group’s recent campaign against South Korean organizations. | MALWARE | Backdoor |
| 03.05.2024 | Wpeeper | Playing Possum: What's the Wpeeper Backdoor Up To? | MALWARE | Backdoor |
| 19.04.2024 | CR4T | CR4t Malware: A Shape-Shifting Threat — Threat Intelligence Report | MALWARE | Backdoor |
| 18.04.2024 | MadMxShell | Malvertising campaign targeting IT teams with MadMxShell | MALWARE | Backdoor |
| 18.04.2024 | Kapeka | Kapeka: A novel backdoor spotted in Eastern Europe | MALWARE | Backdoor |
| 10.04.2024 | Smoke | Smoke and (screen) mirrors: A strange signed backdoor | MALWARE | Backdoor |
| 02.04.2024 | XZ Backdoor | Everything I Know About the XZ Backdoor | MALWARE | Backdoor |
| 02.04.2024 | UNAPIMON | Earth Freybug Uses UNAPIMON for Unhooking Critical APIs | MALWARE | Backdoor |
| 18.03.2024 | OCEANMAP | X-Force’s analysis revealed that OCEANMAP has a strong overlap in both technique and .NET implementation. | MALWARE | Backdoor |
| 11.03.2024 | BianDoor | | MALWARE | Backdoor |
| 02.03.2024 | GTPDOOR | GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange | MALWARE | Backdoor |
| 01.03.2024 | MINIBIKE | A custom backdoor written in C++ capable of file exfiltration and upload, command execution, and more. Communicates using Azure cloud infrastructure. | MALWARE | Backdoor |
| 01.03.2024 | MINIBUS | A custom backdoor that provides a more flexible code-execution interface and enhanced reconnaissance features compared to MINIBIKE | MALWARE | Backdoor |
| 01.03.2024 | LIGHTRAIL | A tunneler, likely based on an open-source Socks4a proxy, that communicates using Azure cloud infrastructure | MALWARE | Backdoor |
| 28.02.2024 | RustDoor | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | MALWARE | Backdoor |
| 21.02.2024 | SysJoker | Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer. | MALWARE | Backdoor |
| 19.02.2024 | BASICSTAR | Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. | MALWARE | Backdoor |
| 17.02.2024 | DeliveryCheck | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking. | MALWARE | Backdoor |
| 17.02.2024 | TinyTurla-NG | TinyTurla Next Generation - Turla APT spies on Polish NGOs | MALWARE | Backdoor |
| 17.02.2024 | DSLog | Ivanti Connect Secure: Journey to the core of the DSLog backdoor | MALWARE | Backdoor |
| 10.02.2024 | RustDoor | New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group | MALWARE | Backdoor |
| 09.02.2024 | Zardoor | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization | MALWARE | Backdoor |
| 07.02.2024 | BOLDMOVE | According to Mandiant, this malware family is attributed to a potential Chinese background, and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475). | MALWARE | Backdoor |
| 03.02.2024 | HeadLace | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware | MALWARE | Backdoor |
| 03.02.2024 | DirtyMoe | Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor | MALWARE | Backdoor |
| 02.02.2024 | HeadCrab 2.0 | HeadCrab 2.0: Evolving Threat in Redis Malware Landscape | MALWARE | Backdoor |
| 01.02.2024 | EMPTYSPACE | Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader),... | MALWARE | Backdoor |
| 29.01.2024 | LODEINFO | LODEINFO is a fileless malware that has been observed in campaigns that start with spear-phishing emails since December 2019. | MALWARE | Backdoor |
| 28.12.2023 | Rescoms | This threat can give a malicious hacker unauthorized access and control of your PC. | MALWARE | Backdoor |
| 24.12.2023 | FalseFont | Microsoft: Hackers target defense firms with new FalseFont malware | MALWARE | Backdoor |
| 19.12.2023 | SLUB | Who is the Threat Actor Behind Operation Earth Kitsune? | MALWARE | Backdoor |
| 15.12.2023 | NKAbuse | Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol | MALWARE | Backdoor |
| 13.12.2023 | HeadLace | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware | MALWARE | Backdoor |
| 02.12.2023 | Agent Racoon | Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. | MALWARE | Backdoor |
| 29.11.2023 | Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. | MALWARE | Backdoor |
| 29.11.2023 | SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. | MALWARE | Backdoor |
| 25.11.2023 | SYSJOKER | ISRAEL-HAMAS WAR SPOTLIGHT: SHAKING THE RUST OFF SYSJOKER | MALWARE | Backdoor |
| 21.11.2023 | TONESHELL | My Tea’s not cold. An overview of China’s cyber threat | MALWARE | Backdoor |
| 18.11.2023 | SmokeLoader | Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. | MALWARE | Backdoor |
| 11.11.2023 | Effluence | Detecting “Effluence”, An Unauthenticated Confluence Web Shell | MALWARE | Backdoor |
| 01.11.2023 | WINTAPIX | WINTAPIX: A New Kernel Driver Targeting Countries in The Middle East | MALWARE | Backdoor |
| 01.11.2023 | Kazuar | Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) | MALWARE | Backdoor |
| 20.10.2023 | Volgmer | Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware | MALWARE | Backdoor |
| 20.10.2023 | Bankshot | Following the Lazarus group by tracking DeathNote campaign | MALWARE | Backdoor |
| 12.10.2023 | BlueShell | According to AhnLab, BlueShell is a backdoor malware developed in the Go language, published on GitHub, and it supports Windows, Linux, and Mac operating systems. | MALWARE | Backdoor |
| 01.10.2023 | SideTwist | APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan | MALWARE | Backdoor |
| 01.10.2023 | Flagpro | According to PICUS, Flagpro is malware that collects information from the victim and executes commands in the victim’s environment. It targets Japan, Taiwan, and English-speaking countries. When a victim is infected with Flagpro malware, the malware can do the following: | MALWARE | Backdoor |
| 30.09.2023 | TONESHELL | My Tea’s not cold. An overview of China’s cyber threat | MALWARE | Backdoor |
| 24.09.2023 | Deadglyph | Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics | MALWARE | Backdoor |
| 19.09.2023 | ShroudedSnooper | Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. | MALWARE | Backdoor |
| 06.09.2023 | Andardoor | Analysis of Andariel’s New Attack Activities | MALWARE | Backdoor |
| 06.09.2023 | Volgmer | Analysis of Andariel’s New Attack Activities | MALWARE | Backdoor |
| 03.09.2023 | BillGates/Setag | Elasticsearch is no stranger to cybercriminal abuse given its popularity. | MALWARE | Backdoor |
| 02.09.2023 | Zingdoor | Zingdoor is a new HTTP backdoor written in Go. While we first encountered Zingdoor in April 2023, some logs indicate that the earliest developments of this backdoor took place in June 2022. | MALWARE | Backdoor |
| 13.08.2023 | NightClub | MoustachedBouncer: Espionage against foreign diplomats in Belarus | MALWARE | Backdoor |
| 08.08.2023 | OpenCarrot | North Korea Compromises Sanctioned Russian Missile Engineering Company | MALWARE | Backdoor |
| 03.08.2023 | GraphDrop | PANW Unit 42 describes this malware as capable of uploading and downloading files as well as loading additional shellcode payloads into selected target processes. | MALWARE | Backdoor |
| 02.08.2023 | BADNEWS | A .NET-based modular backdoor that comes with capabilities to establish contact with a remote command-and-control (C2) server and execute commands to enumerate files. | MALWARE | Backdoor |
| 02.08.2023 | ORPCBackdoor | Bitter, also known as Cranberry, is an advanced threat group with suspected roots in South Asia. | MALWARE | Backdoor |
| 30.07.2023 | SEASPY Backdoor MAR-10454006-r2.v1.CLEAR | CISA obtained 14 malware samples comprised of Barracuda exploit payloads and reverse shell backdoors. The malware was used by threat actors exploiting CVE-2023-2868... | MALWARE | Backdoor |
| 30.07.2023 | Exploit Payload Backdoor MAR-10454006-r3.v1.CLEAR | CISA obtained two SEASPY malware samples. The malware was used by threat actors exploiting CVE-2023-2868... | MALWARE | Backdoor |
| 30.07.2023 | SUBMARINE | CISA obtained seven malware samples related to a novel backdoor CISA has named SUBMARINE. The malware was used by threat actors exploiting CVE-2023-2868, a former zero-day vulnerability affecting certain versions 5.1.3.001 - 9.2.0.006 of Barracuda Email Security Gateway (ESG). | MALWARE | Backdoor |
| 26.07.2023 | Decoy Dog | Decoy Dog has a full suite of powerful, previously unknown capabilities | MALWARE | Backdoor |
| 21.07.2023 | DeliveryCheck | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM-hijacking. | MALWARE | Backdoor |
| 20.07.2023 | Redigo | Aqua Nautilus discovered new Go based malware that targets Redis servers. | MALWARE | Backdoor |
| 18.07.2023 | Sardonic | They've also switched from BadHatch to a C++-based backdoor known as Sardonic, which, according to Bitdefender security. | MALWARE | Backdoor |
| 15.07.2023 | Cigril | Backdoor malware | MALWARE | Backdoor |
| 03.07.2023 | Minodo | Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor | MALWARE | Backdoor |
| 01.07.2023 | CharmPower | CharmPower is a PowerShell-based, modular backdoor that has been used by Magic Hound since at least 2022. | MALWARE | Backdoor |
| 01.07.2023 | POWERSTAR | Charming Kitten Updates POWERSTAR with an InterPlanetary Twist | MALWARE | Backdoor |
| 22.06.2023 | Condi | A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. | MALWARE | Backdoor |
| 22.06.2023 | Graphican | Graphican is an evolution of the known Flea backdoor Ketrican, which itself was based on a previous malware — BS2005 — also used by Flea. | MALWARE | Backdoor |
| 22.06.2023 | Devopt | Zscaler ThreatLabz has recently unearthed a new backdoor called 'Devopt'. | MALWARE | Backdoor |
| 16.06.2023 | GrimPlant | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two used backdoors written in Go and attributed to UAC-0056 (SaintBear, UNC2589, TA471). | MALWARE | Backdoor |
| 16.06.2023 | GraphSteel | This malware was seen during the cyberattacks on Ukrainian state organizations. It is one of two used backdoors written in Go and attributed to UAC-0056 (SaintBear, UNC2589, TA471). | MALWARE | Backdoor |
| 11.06.2023 | SPECTRALVIPER | Elastic Security Labs has been tracking an intrusion set targeting large Vietnamese public companies for several months, REF2754. | MALWARE | Backdoor |
| 10.06.2023 | Stealth Soldier | Check Point Research observed a wave of highly-targeted espionage attacks in Libya that utilize a new custom modular backdoor. | MALWARE | Backdoor |
| 25.05.2023 | PowerExchange | An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. | MALWARE | Backdoor |
| 25.05.2023 | PeepingTitle | The reason why the attackers drop two variants is to use one for capturing the victim's screen and the second for monitoring windows and the user's interactions with those. | MALWARE | Backdoor |
| 25.05.2023 | BackdoorDiplomacy | An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017. | MALWARE | Backdoor |
| 15.05.2023 | Merdoor | Merdoor is a fully-featured backdoor that appears to have been in existence since 2018. | MALWARE | Backdoor |
| 28.04.2023 | PortDoor | “PortDoor” is a Chinese backdoor that targeted ministry and public organizations, such as ministry agencies and industrial plants, in Eastern European countries (Russia, Belarus and Ukraine). | MALWARE | Backdoor |
| 27.04.2023 | PowerLess | PowerLess is a PowerShell-based modular backdoor that has been used by Magic Hound since at least 2022. | MALWARE | Backdoor |
| 26.04.2023 | SUNBURST | FireEye describes SUNBURST as a trojanized SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. | MALWARE | Backdoor |
| 26.04.2023 | Kazuar | Sunburst backdoor – code overlaps with Kazuar | MALWARE | Backdoor |
| 20.04.2023 | MgBot loader | Tweet on an unknown threat actor dropping MgBot, a custom IIS modular backdoor and Cobalt Strike by exploiting ProxyShell | MALWARE | Backdoor |
| 20.04.2023 | CharmPower | CharmPower is a PowerShell-based, modular backdoor that has been used by Magic Hound since at least 2022. | MALWARE | Backdoor |
| 20.04.2023 | Drokbk | Drokbk Malware Uses GitHub as Dead Drop Resolver | MALWARE | Backdoor |
| 19.04.2023 | Domino | Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor | MALWARE | Backdoor |
| 08.04.2023 | BarbWire | Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials | MALWARE | Backdoor |
| 25.03.2023 | TONEINS | TONEINS is the name of a backdoor malware. This software is designed to open a "backdoor" for additional malicious components or programs into compromised systems. | MALWARE | Backdoor |
| 25.03.2023 | MQsTTang | MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT | MALWARE | Backdoor |
| 23.03.2023 | PowerMagic | Bad magic: new APT found in the area of Russo-Ukrainian conflict | MALWARE | Backdoor |
| 15.03.2023 | REDBALDKNIGHT | The REDBALDKNIGHT (a.k.a. BRONZE BUTLER) cyberespionage group employs the Daserf backdoor in campaigns. We found that Daserf was not only used on Japanese targets, but also against other countries. We also found versions of Daserf that use steganography. | MALWARE | Backdoor |
| 03.03.2023 | MQsTTang | Mustang Panda is known for its customized Korplug variants (also dubbed PlugX) and elaborate loading chains. In a departure from the group’s usual tactics, MQsTTang has only a single stage and doesn’t use any obfuscation techniques. | MALWARE | Backdoor |
| 23.02.2023 | Atharvan | Atharvan is so-named because when the malware is run, it creates a mutex named: "SAPTARISHI-ATHARVAN-101" to ensure that only one copy is running. | MALWARE | Backdoor |
| 18.02.2023 | WhiskerSpy | Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea. | MALWARE | Backdoor |
| 15.02.2023 | GOLDBACKDOOR | Stairwell assesses with medium-high confidence that GOLDBACKDOOR is the successor of, or used in parallel with, the malware BLUELIGHT, attributed to APT37 / Ricochet Chollima. This assessment is based on technical overlaps between the two malware families and the impersonation of NK News, a South Korean news site focused on the DPR | MALWARE | Backdoor |
| 11.02.2023 | Anchor | Anchor is a sophisticated backdoor served as a module to a subset of TrickBot installations. Operating since August 2018, it is not delivered to everybody; on the contrary, it is delivered only to high-profile targets. Since its C2 communication scheme is very similar to the one implemented in the early TrickBot, multiple experts believe it could be attributed to the same authors. | MALWARE | Backdoor |
| 11.02.2023 | BazarBackdoor | BazarBackdoor is a small backdoor, probably by a TrickBot "spin-off" like Anchor. It's called team9 backdoor (and the corresponding loader: team9 restart loader). | MALWARE | Backdoor |
| 07.02.2023 | Trojan.MSIL.REDCAP.AD | We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers. | MALWARE | Backdoor |
| 01.07.2022 | SessionManager | Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didn’t come back empty-handed… | MALWARE | Backdoor |
| 25.06.2022 | SolarMarker Backdoor | The GSOC Cybereason Managed Detection and Response (MDR) Team is investigating a series of recent infections that use the SolarMarker backdoor. | MALWARE | Backdoor |
| 25.06.2022 | PowerLess Trojan | Towards the end of 2021, multiple attacks were carried out exploiting the notorious Microsoft Exchange Server vulnerabilities chained together and referred to as ProxyShell, which ultimately enabled multiple threat actors to deploy malware on their targets’ networks. There have been several reports detailing the exploitation of these vulnerabilities by Iranian state sponsored threat actors, among them the Phosphorus APT group carrying out ransomware attacks. | MALWARE | Backdoor |
| 14.05.2022 | Saitama backdoor | Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. | MALWARE | Backdoor |
| 10.05.2022 | Octopus Backdoor | Last week, I found another interesting Word document that delivered an interesting malicious script to potential victims. Usually, Office documents carry VBA macros that are activated using a bit of social engineering (the classic yellow ribbon) but this time, the document did not contain any malicious code. | MALWARE | Backdoor |
| 08.05.2022 | SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. | MALWARE | Backdoor |
| 28.03.2022 | MustangPanda | | MALWARE | Backdoor |
| 01.03.2022 | Daxin Malware | | MALWARE | Backdoor espionage |
| 09.01.2023 | Linux.BackDoor.WordPressExploit.1 | A trojan application for 32-bit and 64-bit Linux operating systems that targets x86-compatible devices. | MALWARE | Backdoor Linux |
| 09.01.2023 | Linux.BackDoor.WordPressExploit.2 | A trojan application for 32-bit and 64-bit Linux operating systems that targets x86-compatible devices. The backdoor is written in the Go (Golang) programming language and executes attackers’ commands. | MALWARE | Backdoor Linux |