S0088 Kasidet
Kasidet is a backdoor that has been dropped by using malicious VBA macros.[1]
Item | Value |
---|---|
ID | S0088 |
Associated Names | |
Type | MALWARE |
Version | 1.1 |
Created | 31 May 2017 |
Last Modified | 30 March 2020 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1547 | Boot or Logon Autostart Execution | - |
enterprise | T1547.001 | Registry Run Keys / Startup Folder | Kasidet creates a Registry Run key to establish persistence.[1][2] |
enterprise | T1059 | Command and Scripting Interpreter | - |
enterprise | T1059.003 | Windows Command Shell | Kasidet can execute commands using cmd.exe.[1] |
enterprise | T1083 | File and Directory Discovery | Kasidet has the ability to search for a given filename on a victim.[1] |
enterprise | T1562 | Impair Defenses | - |
enterprise | T1562.004 | Disable or Modify System Firewall | Kasidet has the ability to change firewall settings to allow a plug-in to be downloaded.[1] |
enterprise | T1105 | Ingress Tool Transfer | Kasidet has the ability to download and execute additional files.[1] |
enterprise | T1056 | Input Capture | - |
enterprise | T1056.001 | Keylogging | Kasidet has the ability to initiate keylogging.[1] |
enterprise | T1057 | Process Discovery | Kasidet has the ability to search for a given process name in processes currently running in the system.[1] |
enterprise | T1113 | Screen Capture | Kasidet has the ability to initiate keylogging and screen captures.[1] |
enterprise | T1518 | Software Discovery | - |
enterprise | T1518.001 | Security Software Discovery | Kasidet has the ability to identify any anti-virus installed on the infected system.[1] |
enterprise | T1082 | System Information Discovery | Kasidet has the ability to obtain a victim’s system name and operating system version.[1] |