S0208 Pasam
Pasam is a trojan used by Elderwood to open a backdoor on compromised hosts. 1 2
| Item | Value |
|---|---|
| ID | S0208 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 18 April 2018 |
| Last Modified | 06 January 2021 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1547 | Boot or Logon Autostart Execution | - |
| enterprise | T1547.008 | LSASS Driver | Pasam establishes by infecting the Security Accounts Manager (SAM) DLL to load a malicious DLL dropped to disk.2 |
| enterprise | T1005 | Data from Local System | Pasam creates a backdoor through which remote attackers can retrieve files.2 |
| enterprise | T1083 | File and Directory Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of files.2 |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.004 | File Deletion | Pasam creates a backdoor through which remote attackers can delete files.2 |
| enterprise | T1105 | Ingress Tool Transfer | Pasam creates a backdoor through which remote attackers can upload files.2 |
| enterprise | T1057 | Process Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of running processes.2 |
| enterprise | T1082 | System Information Discovery | Pasam creates a backdoor through which remote attackers can retrieve information such as hostname and free disk space.2 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0066 | Elderwood | 1 |