S0208 Pasam
Pasam is a trojan used by Elderwood to open a backdoor on compromised hosts. 2 1
| Item | Value |
|---|---|
| ID | S0208 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 18 April 2018 |
| Last Modified | 21 October 2025 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1547 | Boot or Logon Autostart Execution | - |
| enterprise | T1547.008 | LSASS Driver | Pasam establishes by infecting the Security Accounts Manager (SAM) DLL to load a malicious DLL dropped to disk.1 |
| enterprise | T1005 | Data from Local System | Pasam creates a backdoor through which remote attackers can retrieve files.1 |
| enterprise | T1083 | File and Directory Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of files.1 |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.004 | File Deletion | Pasam creates a backdoor through which remote attackers can delete files.1 |
| enterprise | T1105 | Ingress Tool Transfer | Pasam creates a backdoor through which remote attackers can upload files.1 |
| enterprise | T1680 | Local Storage Discovery | Pasam creates a backdoor through which remote attackers can retrieve information like free disk space.1 |
| enterprise | T1057 | Process Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of running processes.1 |
| enterprise | T1082 | System Information Discovery | Pasam creates a backdoor through which remote attackers can retrieve information like hostname.1 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0066 | Elderwood | 2 |