BISCUIT
[BISCUIT] is a backdoor that has been used by [APT1](https://attack.mitre.org/groups/G0006) since as early as 2007. (Citation: Mandiant APT1)
Calisto
[Calisto] is a macOS Trojan that opens a backdoor on the compromised machine. [Calisto] is believed to have first been developed in 2016. (Citation: Securelist Calisto July 2018) (Citation: Symantec Calisto July 2018)
Pisloader
[Pisloader] is a malware family that is notable due to its use of DNS as a C2 protocol as well as its use of anti-analysis tactics. It has been used by [APT18](https://attack.mitre.org/groups/G0026) and is similar to another malware family, [HTTPBrowser](https://attack.mitre.org/software/S0070), that has been used by the group. (Citation: Palo Alto DNS Requests)
GoldenSpy
[GoldenSpy] is backdoor malware that has been packaged with legitimate tax preparation software. [GoldenSpy] was discovered targeting organizations in China, delivered with the "Intelligent Tax" software suite, which is produced by the Golden Tax Department of Aisino Credit Information Co. and is required to pay local taxes. (Citation: Trustwave GoldenSpy June 2020)
Gold Dragon
[Gold Dragon] is a Korean-language data-gathering implant that was first observed in the wild in South Korea in July 2017. [Gold Dragon] was used along with [Brave Prince](https://attack.mitre.org/software/S0252) and [RunningRAT](https://attack.mitre.org/software/S0253) in operations targeting organizations associated with the 2018 Pyeongchang Winter Olympics. (Citation: McAfee Gold Dragon)
RGDoor
[RGDoor] is a malicious Internet Information Services (IIS) backdoor developed in the C++ language. [RGDoor] has been seen deployed on web servers belonging to Middle East government organizations. [RGDoor] provides backdoor access to compromised IIS servers. (Citation: Unit 42 RGDoor Jan 2018)
Ramsay
[Ramsay] is an information-stealing malware framework designed to collect and exfiltrate sensitive documents, including from air-gapped systems. Researchers have identified overlaps between [Ramsay] and the [Darkhotel](https://attack.mitre.org/groups/G0012)-associated Retro malware. (Citation: Eset Ramsay May 2020) (Citation: Antiy CERT Ramsay April 2020)
FakeM
[FakeM] is a shellcode-based Windows backdoor that has been used by [Scarlet Mimic](https://attack.mitre.org/groups/G0029). (Citation: Scarlet Mimic Jan 2016)
HARDRAIN
[HARDRAIN] is a Trojan malware variant reportedly used by the North Korean government. (Citation: US-CERT HARDRAIN March 2018)
Pillowmint
[Pillowmint] is point-of-sale malware used by [FIN7](https://attack.mitre.org/groups/G0046) that is designed to capture credit card information. (Citation: Trustwave Pillowmint June 2020)