(Proofpoint) Much like {{Crimson RAT}} and {{Peppy RAT}}, Beendoor is capable of taking screenshots of the victims desktop. On Beendoor’s C&C we were able to recover a screenshot that appears to have been taken from one of the malware developer’s computer.
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| IP:Port | Timestamp |
|---|
| Domain | Timestamp |
|---|
| URL | Timestamp |
|---|
2016-03-01 by Darien Huss from Proofpoint
Tool: beendoor
Names: beendoor
Description: (Proofpoint) Much like {{Crimson RAT}} and {{Peppy RAT}}, Beendoor is capable of taking screenshots of the victims desktop. On Beendoor’s C&C we were able to recover a screenshot that appears to have been taken from one of the malware developer’s computer.
Category: Malware
Type: Backdoor, Info stealer
Information: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.beendoor
Last-card-change: 2020-04-23
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |