DinDoor Backdoor: Deno Runtime Abuse and 20 Active C2 Servers
ID: 832df3bb-0f85-54b7-a54c-3a936200c6d8
STIX ID: report--832df3bb-0f85-54b7-a54c-3a936200c6d8
Feed Name: Hunt.io Blog
This report analyzes DinDoor, a Deno-based backdoor delivered via malicious MSI installers, comparing two samples that use differing execution methods (one writes JS to disk, the other executes JS in-memory). It documents the payload's host fingerprinting, C2 interaction (including a hardcoded JWT linking to serialmenot.com), network indicators and 20 active servers discovered via a HuntSQL query, and provides mitigation steps and IOCs for detection and response.
