Skip to content

S0088 Kasidet

Kasidet is a backdoor that has been dropped by using malicious VBA macros. 1

Item Value
ID S0088
Associated Names
Type MALWARE
Version 1.1
Created 31 May 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1547 Boot or Logon Autostart Execution -
enterprise T1547.001 Registry Run Keys / Startup Folder Kasidet creates a Registry Run key to establish persistence.12
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell Kasidet can execute commands using cmd.exe.1
enterprise T1083 File and Directory Discovery Kasidet has the ability to search for a given filename on a victim.1
enterprise T1562 Impair Defenses -
enterprise T1562.004 Disable or Modify System Firewall Kasidet has the ability to change firewall settings to allow a plug-in to be downloaded.1
enterprise T1105 Ingress Tool Transfer Kasidet has the ability to download and execute additional files.1
enterprise T1056 Input Capture -
enterprise T1056.001 Keylogging Kasidet has the ability to initiate keylogging.1
enterprise T1057 Process Discovery Kasidet has the ability to search for a given process name in processes currently running in the system.1
enterprise T1113 Screen Capture Kasidet has the ability to initiate keylogging and screen captures.1
enterprise T1518 Software Discovery -
enterprise T1518.001 Security Software Discovery Kasidet has the ability to identify any anti-virus installed on the infected system.1
enterprise T1082 System Information Discovery Kasidet has the ability to obtain a victim’s system name and operating system version.1

References

Back to top