Skip to content

S0207 Vasport

Vasport is a trojan used by Elderwood to open a backdoor on compromised hosts. 1 2

Item Value
ID S0207
Associated Names
Type MALWARE
Version 1.1
Created 18 April 2018
Last Modified 06 January 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1071 Application Layer Protocol -
enterprise T1071.001 Web Protocols Vasport creates a backdoor by making a connection using a HTTP POST.2
enterprise T1547 Boot or Logon Autostart Execution -
enterprise T1547.001 Registry Run Keys / Startup Folder Vasport copies itself to disk and creates an associated run key Registry entry to establish.2
enterprise T1105 Ingress Tool Transfer Vasport can download files.2
enterprise T1090 Proxy Vasport is capable of tunneling though a proxy.2

Groups That Use This Software

ID Name References
G0066 Elderwood 1

References

  1. O’Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018. 

  2. Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.