
RGDoor

Posted: October 21, 2020

RGDoor is a cleverly designed backdoor Trojan that was discovered on multiple networks belonging to companies and organizations in the Middle East. The backdoor works by targeting Microsoft's Internet Information Services (IIS) web server software, which runs on various versions of the Windows operating system. Cybersecurity experts suspect that RGDoor is not the primary tool the attackers use when they take over a network; instead, it is meant to serve as a backup in case their primary payload is discovered and removed. This would explain why RGDoor's functionality is rather limited – the backdoor allows its operator to execute commands via the Windows Command Prompt, upload files to the compromised host, and download files from it. While this may not look like a lot, it is more than enough to enable the evil-minded actor to re-infect systems, collect files, and weaken the system's security.

OilRig Hackers Use the RGDoor Trojan Regularly

Use of RGDoor is attributed to the APT34 group, also known as OilRig. So far, no other threat actor has been spotted using the RGDoor backdoor, so it is safe to assume that OilRig is its sole creator and user. RGDoor was often found alongside the TwoFace webshell, another signature implant of the OilRig hackers, and it is probable that the RGDoor backdoor serves as a failsafe in case the webshell is detected and removed.

It is typical for APT actors to take extra measures to make sure that their attack will not be interrupted, and deploying secondary implants is often the best way to achieve this. While the RGDoor Trojan does not stand out for extraordinary features, it provides its operators with enough functionality to re-infect systems in case their primary implant is eradicated. Despite the attackers' efforts to develop high-grade malware, modern anti-malware products are still capable of identifying and eradicating threats like the RGDoor Trojan before they get a chance to settle in.
