{"id":50616,"date":"2023-02-17T15:37:45","date_gmt":"2023-02-17T15:37:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34337\/Researchers-Unearth-Windows-Backdoor-Thats-Unusually-Stealthy.html"},"modified":"2023-02-17T15:37:45","modified_gmt":"2023-02-17T15:37:45","slug":"researchers-unearth-windows-backdoor-thats-unusually-stealthy","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/","title":{"rendered":"Researchers Unearth Windows Backdoor That&#8217;s Unusually Stealthy"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/backdoor-800x450.jpeg\" alt=\"A cartoon door leads to a wall of computer code.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>Researchers have discovered a clever piece of malware that stealthily exfiltrates data and executes malicious code from Windows systems by abusing a feature in Microsoft Internet Information Services (IIS).<\/p>\n<p>IIS is a general-purpose web server that runs on Windows devices. As a web server, it accepts requests from remote clients and returns the appropriate response. 
In July 2021, network intelligence company Netcraft <a href=\"https:\/\/news.netcraft.com\/archives\/2021\/07\/26\/july-2021-web-server-survey.html\">said<\/a> there were 51.6 million instances of IIS spread across 13.5 million unique domains.<\/p>\n<p>IIS offers a feature called Failed Request Event Buffering (FREB) that collects metrics and other data about web requests received from remote clients. A client\u2019s IP address and port, and HTTP headers with cookies, are two examples of the data that can be collected. FREB helps administrators troubleshoot failed web requests by retrieving ones meeting certain criteria from a buffer and writing them to disk. The mechanism can help determine the cause of 401 or 404 errors or isolate the cause of stalled or aborted requests.<\/p>\n<p>Criminal hackers have figured out how to abuse this FREB feature to smuggle malicious code into, and execute it in, protected regions of an already compromised network. The hackers can also use FREB to exfiltrate data from the same protected regions. Because the technique blends in with legitimate web requests, it provides a stealthy way to further burrow into the compromised network.<\/p>\n<p>The post-exploit malware that makes this possible has been dubbed Frebniis by researchers from Symantec, who <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/frebniis-malware-iis\">reported on its use<\/a> on Thursday. Frebniis first ensures FREB is enabled and then hijacks its execution by injecting malicious code into the IIS process memory and causing it to run. 
Once the code is in place, Frebniis can inspect all HTTP requests received by the IIS server.<\/p>\n<p>\u201cBy hijacking and modifying IIS web server code, Frebniis is able to intercept the regular flow of HTTP request handling and look for specially formatted HTTP requests,\u201d Symantec researchers wrote. \u201cThese requests allow remote code execution and proxying to internal systems in a stealthy manner. No files or suspicious processes will be running on the system, making Frebniis a relatively unique and rare type of HTTP backdoor seen in the wild.\u201d<\/p>\n<p>Before Frebniis can work, an attacker must first hack the Windows system running the IIS server. Symantec researchers have yet to determine how Frebniis does this.<\/p>\n<p>Frebniis parses all HTTP POST requests invoking the logon.aspx or default.aspx files, which are used to create login pages and serve default web pages, respectively. Attackers can smuggle requests into an infected server by sending one of these requests and adding the password \u201c7ux4398!\u201d as a parameter. Once such a request is received, Frebniis decrypts and executes .NET code that controls the main backdoor functions. To make the process more stealthy, the code drops no files to disk.<\/p>\n<p>The .NET code serves two purposes. First, it provides a proxy that allows attackers to use the compromised IIS server to interact or communicate with internal resources that would otherwise be inaccessible from the Internet. The following table shows the commands it\u2019s programmed to carry out:<\/p>\n<div class=\"paragraph-table\">\n<table role=\"table\">\n<caption>Table 1. 
Frebniis commands\u2014the function names have been misspelled by the malware author<\/caption>\n<thead role=\"rowgroup\">\n<tr role=\"row\">\n<th role=\"columnheader\" data-label=\"Command\">Command<\/th>\n<th role=\"columnheader\" data-label=\" Function name\">Function name<\/th>\n<th role=\"columnheader\" data-label=\" Parameter\">Parameter<\/th>\n<th role=\"columnheader\" data-label=\" Description\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody role=\"rowgroup\">\n<tr role=\"row\">\n<td role=\"cell\" data-label=\"Command\">1<\/td>\n<td role=\"cell\" data-label=\" Function name\">CreateConnect<\/td>\n<td role=\"cell\" data-label=\" Parameter\">Host:Port<\/td>\n<td role=\"cell\" data-label=\" Description\">Connect to a remote system for proxying, returns a UUID representing the remote system<\/td>\n<\/tr>\n<tr role=\"row\">\n<td role=\"cell\" data-label=\"Command\">2<\/td>\n<td role=\"cell\" data-label=\" Function name\">ReadScoket<\/td>\n<td role=\"cell\" data-label=\" Parameter\">Uuid<\/td>\n<td role=\"cell\" data-label=\" Description\">Read a Base64 string from a remote system<\/td>\n<\/tr>\n<tr role=\"row\">\n<td role=\"cell\" data-label=\"Command\">3<\/td>\n<td role=\"cell\" data-label=\" Function name\">Writescoket<\/td>\n<td role=\"cell\" data-label=\" Parameter\">Uuid, Base64 string<\/td>\n<td role=\"cell\" data-label=\" Description\">Write a Base64 string to a remote system<\/td>\n<\/tr>\n<tr role=\"row\">\n<td role=\"cell\" data-label=\"Command\">4<\/td>\n<td role=\"cell\" data-label=\" Function name\">CloseScoket<\/td>\n<td role=\"cell\" data-label=\" Parameter\">Uuid<\/td>\n<td role=\"cell\" data-label=\" Description\">Close the connection<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>The second purpose of the .NET code is to allow the remote execution of attacker-provided code on the IIS server. 
By sending a request to the logon.aspx or default.aspx files that includes code written in C#, Frebniis will automatically decode it and execute it in memory. Once again, by executing the code directly in memory, the backdoor is much harder to detect.<\/p>\n<div>\n<figure class=\"image shortcode-img center full\"><img loading=\"lazy\" decoding=\"async\" alt=\"Diagram showing how Frebniis is used.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/02\/Fig3.webp\" width=\"519\" height=\"260\"><figcaption class=\"caption\">\n<div class=\"caption-text\">Diagram showing how Frebniis is used.<\/div>\n<\/figcaption><\/figure>\n<p>It\u2019s not clear how widely used Frebniis is at the moment. The post provides two file hashes associated with the backdoor but doesn\u2019t explain how to search a system to see if they exist.<\/p>\n<\/div>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34337\/Researchers-Unearth-Windows-Backdoor-Thats-Unusually-Stealthy.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50617,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9204],"class_list":["post-50616","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermicrosoftbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Researchers Unearth Windows Backdoor That&#039;s Unusually Stealthy 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researchers Unearth Windows Backdoor That&#039;s Unusually Stealthy 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-17T15:37:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/backdoor-800x450.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Researchers Unearth Windows Backdoor That&#8217;s Unusually Stealthy\",\"datePublished\":\"2023-02-17T15:37:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/\"},\"wordCount\":689,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg\",\"keywords\":[\"headline,hacker,microsoft,backdoor\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/\",\"name\":\"Researchers Unearth Windows Backdoor That's Unusually Stealthy 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg\",\"datePublished\":\"2023-02-17T15:37:45+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,microsoft,backdoor\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headline
hackermicrosoftbackdoor\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Researchers Unearth Windows Backdoor That&#8217;s Unusually Stealthy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"h
eight\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Researchers Unearth Windows Backdoor That's Unusually Stealthy 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/","og_locale":"en_US","og_type":"article","og_title":"Researchers Unearth Windows Backdoor That's Unusually Stealthy 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-02-17T15:37:45+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/backdoor-800x450.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Researchers Unearth Windows Backdoor That&#8217;s Unusually Stealthy","datePublished":"2023-02-17T15:37:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/"},"wordCount":689,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg","keywords":["headline,hacker,microsoft,backdoor"],"articleSection":["CyberSecurity 
Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/","url":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/","name":"Researchers Unearth Windows Backdoor That's Unusually Stealthy 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg","datePublished":"2023-02-17T15:37:45+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/researchers-unearth-windows-backdoor-thats-unusually-stealthy.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/researchers-unearth-windows-backdoor-thats-unusually-stealthy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,microsoft,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermicrosoftbackdoor\/"},{"@type":"ListItem","position":3,"name":"Researchers Unearth Windows Backdoor That&#8217;s Unusually Stealthy"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC 
\u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50616"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50616\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50617"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}