Jun 5, 2026
C2 Hosts: 142
BPFDoor
Also known as: JustForFun
BPFDoor is a passive backdoor used by a China-based threat actor. This backdoor supports multiple protocols for communicating with a C2 including TCP, UDP, and ICMP allowing the threat actor a variety of mechanisms to interact with the implant.
Linked Threat Actors
Red Menshen
C2 Infrastructure
ISP/Residential 87%
Hosting/VPS 12%
Unknown 1%
Last 7 days
| Date | C2 Hosts |
|---|---|
| Jun 5, 2026 | 142 |
Further Reading
blog.qualys.com opens in a new tab
blog.qualys.com
doublepulsar.com opens in a new tab
doublepulsar.com
elastic.github.io opens in a new tab
elastic.github.io
en.yna.co.kr opens in a new tab
en.yna.co.kr
exatrack.com opens in a new tab
exatrack.com
haxrob.net opens in a new tab
haxrob.net
haxrob.net opens in a new tab
haxrob.net
lolcads.github.io opens in a new tab
lolcads.github.io
nikhilh-20.github.io opens in a new tab
nikhilh-20.github.io
troopers.de opens in a new tab
troopers.de
twitter.com opens in a new tab
twitter.com
twitter.com opens in a new tab
twitter.com
unfinished.bike opens in a new tab
unfinished.bike
bleepingcomputer.com opens in a new tab
bleepingcomputer.com
crowdstrike.com opens in a new tab
crowdstrike.com
deepinstinct.com opens in a new tab
deepinstinct.com
elastic.co opens in a new tab
elastic.co
mandiant.com opens in a new tab
mandiant.com
pwc.com opens in a new tab
pwc.com
rapid7.com opens in a new tab
rapid7.com
sandflysecurity.com opens in a new tab
sandflysecurity.com
trendmicro.com opens in a new tab
trendmicro.com
trendmicro.com opens in a new tab
trendmicro.com