Backdoor.Oldrea

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Backdoor.Oldrea](https://attack.mitre.org/software/S0093) is a modular backdoor that used by [Dragonfly](https://attack.mitre.org/groups/G0035) against energy companies since at least 2013. [Backdoor.Oldrea](https://attack.mitre.org/software/S0093) was distributed via supply chain compromise, and included specialized modules to enumerate and map ICS-specific systems, processes, and protocols.(Citation: Symantec Dragonfly)(Citation: Gigamon Berserk Bear October 2021)(Citation: Symantec Dragonfly Sept 2017)

Associated Techniques (16)

ID	ATT&CK	Tactics
T1016	System Network Configuration Discovery	-
T1018	Remote System Discovery	-
T1033	System Owner/User Discovery	-
T1046	Network Service Discovery	-
T1055	Process Injection	-
T1057	Process Discovery	-
T1070.004	File Deletion	-
T1082	System Information Discovery	-
T1083	File and Directory Discovery	-
T1087.003	Email Account	-
T1105	Ingress Tool Transfer	-
T1132.001	Standard Encoding	-
T1218.011	Rundll32	-
T1547.001	Registry Run Keys / Startup Folder	-
T1555.003	Credentials from Web Browsers	-

Aliases (105)

Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex Havex

Used by Actors (1)

Dragonfly
Unknown

Metadata

ID:	28
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00