PULSE NAME
Squidoor Backdoor Malware Exploits IIS Servers for Stealthy Attacks
WHITE Superpro 2025-03-13 Modified: 2025-04-12
72 IOCs, HIGH VOLUME
A highly advanced backdoor malware, dubbed "Squidoor," is being used by suspected Chinese threat actors to target organizations in South America and Southeast Asia. The malware is designed for stealth and persistence, enabling attackers to maintain access to compromised networks while evading detection.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Chinese Windows Squidoor
Indicators of Compromise (4 / 72 total)
TYPE    INDICATOR            DESCRIPTION  CREATED
domain  bashupload.com                    2025-03-13
domain  microsoft-beta.com                2025-03-13
domain  microsoftapimap.com               2025-03-13
domain  zimbra-beta.info                  2025-03-13