VERY IMPORTANT

During a recent compromise assessment, Cylance incident responders and threat researchers uncovered a surreptitious and sophisticated remote access trojan (RAT) that had been planted and operated by the suspected threat actor. Upon further inspection, the RAT appeared to share many similarities with an old Chinese backdoor known as “Hacker’s Door”, first released publicly in 2004 and updated in 2005. Hacker’s Door is now sold privately by the original author (yyt_hac) with updates to support newer Operating Systems and architectures. It is likely that the analyzed samples were created using the private version, as they are designed to run on modern 64-bit systems, although they could have been built based on sold, leaked or stolen source code.