Skip to content

Hide Navigation Hide TOC

Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313)

Nightdoor is a backdoor exclusively associated with Daggerfly operations. Nightdoor uses common libraries with MgBot and MacMa, linking these malware families together.(Citation: ESET EvasivePanda 2024)(Citation: Symantec Daggerfly 2024)

Cluster A Galaxy A Cluster B Galaxy B Level
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware 1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 1
Nightdoor - S1147 (51f78dfc-52f9-424e-8753-bb4246188313) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2