Heyoka Backdoor

MITRE

Tipo Malware:
Other

Prima attivita:
Unknown

Ultima attivita:
Unknown

Dettagli:

[Heyoka Backdoor](https://attack.mitre.org/software/S1027) is a custom backdoor--based on the Heyoka open source exfiltration tool--that has been used by [Aoqin Dragon](https://attack.mitre.org/groups/G1007) since at least 2013.(Citation: SentinelOne Aoqin Dragon June 2022)(Citation: Sourceforge Heyoka 2022)

Tecniche Associate (15)

ID	ATT&CK	Tattiche
T1007	System Service Discovery	-
T1027.013	Encrypted/Encoded File	-
T1036.004	Masquerade Task or Service	-
T1055.001	Dynamic-link Library Injection	-
T1057	Process Discovery	-
T1070.004	File Deletion	-
T1071.004	DNS	-
T1083	File and Directory Discovery	-
T1120	Peripheral Device Discovery	-
T1140	Deobfuscate/Decode Files or Information	-
T1204.002	Malicious File	-
T1218.011	Rundll32	-
T1547.001	Registry Run Keys / Startup Folder	-
T1572	Protocol Tunneling	-
T1680	Local Storage Discovery	-

Usato da Attori (1)

Aoqin Dragon
Unknown

Metadata

ID:	612
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00