Threats Tagged 'terndoor'
View all threats tagged with 'terndoor'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'terndoor'
Click on any threat for detailed analysis and mitigation recommendations
South American telecommunication providers targeted with three new malware implants 0 UAT-9244, a China-nexus advanced persistent threat actor, has been targeting critical telecommunications infrastructure in South America since 2024. The group employs three new malware implants: TernDoor, a Windows-based backdoor variant of CrowDoor; PeerTime, an ELF-based backdoor using BitTorrent protocol; and BruteEntry, a brute force scanner for SSH, Postgres, and Tomcat servers. UAT-9244 uses dynamic-link library side-loading, scheduled tasks, and registry modifications for persistence. The group is closely associated with FamousSparrow and Tropic Trooper, sharing similar tooling and tactics. Their infrastructure includes multiple command and control servers and operational relay boxes for scanning and brute-forcing activities. Join the discussion | AlienVault OTX General | 03/05/2026, 20:13:36 UTC Added: 03/06/2026, 11:30:23 UTC |
Showing 1 to 1 of 1 result