According to Unit42, NGLite is a backdoor Trojan that is only capable of running commands received through its C2 channel. While the capabilities are standard for a backdoor, NGLite uses a novel C2 channel that leverages a decentralized network based on the legitimate NKN to communicate between the backdoor and the actors.
|2021-12-02 ⋅ CISA ⋅ |
Alert (AA21-336A): APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
KDC Sponge NGLite
|2021-11-07 ⋅ Palo Alto Networks Unit 42 ⋅ |
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
Godzilla Webshell NGLite
There is no Yara-Signature yet.