win.nglite

NGLite


According to Unit 42, NGLite is a backdoor Trojan that is only capable of running commands received through its C2 channel. While these capabilities are standard for a backdoor, NGLite uses a novel C2 channel that leverages a decentralized network based on the legitimate NKN to communicate between the backdoor and the actors.

References
2021-12-02 - CISA - US-CERT
Alert (AA21-336A): APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
https://us-cert.cisa.gov/ncas/alerts/aa21-336a
Families: KDC Sponge, NGLite

2021-11-07 - Palo Alto Networks Unit 42 - Robert Falcone, Jeff White, Peter Renals
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Families: Godzilla Webshell, NGLite

There is no Yara-Signature yet.