Daserf

Daserf is a backdoor that has been used to spy on and steal from Japanese, South Korean, Russian, Singaporean, and Chinese victims. Researchers have identified versions written in both Visual C and Delphi. ^[1] ^[2]

ID: S0187

ⓘ

Associated Software: Muirim, Nioupale

ⓘ

Type: MALWARE

ⓘ

Platforms: Windows

Version: 1.1

Created: 16 January 2018

Last Modified: 25 April 2025

Version Permalink

Live Version

Associated Software Descriptions

Name	Description
Muirim	^[1]
Nioupale	^[1]

Techniques Used

Domain	ID		Name	Use
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	Daserf uses HTTP for C2.^[2]
Enterprise	T1560		Archive Collected Data	Daserf hides collected data in password-protected .rar archives.^[3]
		.001	Archive via Utility	Daserf hides collected data in password-protected .rar archives.^[3]
Enterprise	T1059	.003	Command and Scripting Interpreter: Windows Command Shell	Daserf can execute shell commands.^[1]^[2]
Enterprise	T1132	.001	Data Encoding: Standard Encoding	Daserf uses custom base64 encoding to obfuscate HTTP traffic.^[2]
Enterprise	T1001	.002	Data Obfuscation: Steganography	Daserf can use steganography to hide malicious code downloaded to the victim.

Daserf

Associated Software Descriptions

Enterprise Layer

Techniques Used