Openhunting Threat Library

Goodor

Goodor, Fuerboos
(Type: Backdoor)

(Symantec) Backdoor.Goodor provides the attackers with remote access to the victim’s machine.

[News Analysis] Trends:

Total Trend: 3

Trend Per Year
1
2017
1
2018
1
2020


Trend Per Month
1
Oct 2017
1
Apr 2018
1
Mar 2020



[News Analysis] News Mention Another Threat Name:

5 - Goodor5 - Dorshel5 - Heriplor5 - Karagany5 - Listrix5 - ENERGETIC BEAR


[TTP Analysis] Technique Performance:



[TTP Analysis] Mitre Attack Matrix:

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact


[Infrastructure Analysis] Based on Related IOC:

IP:Port Timestamp
Domain Timestamp
URL Timestamp


[Target Analysis] Region/Sector:

No information


References:

News Basic Information Indicator of Compromise Mitre Attack

News Article (Credit @Malpedia)

A New Look at Old Dragonfly Malware (Goodor)

2020-03-30 by Kevin Perlow from One Night in Norfolk

Hostile state actors compromising UK organisations with focus on engineering and industrial control companies

2018-04-04 by NCSC UK from NCSC UK

Dragonfly: Western energy sector targeted by sophisticated attack group

2017-10-20 by Critical Attack Discovery and Intelligence Team from Symantec

Basic Information (Credit @etda.or.th)

Tool: Goodor

Names: Goodor, Fuerboos

Description: (Symantec) Backdoor.Goodor provides the attackers with remote access to the victim’s machine.

Category: Malware

Type: Backdoor

Information: https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks

Information: https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control

Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.goodor

Last-card-change: 2020-05-13

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact