S0208 Pasam

Pasam is a trojan used by Elderwood to open a backdoor on compromised hosts. [1][2]

| Item | Value |
| --- | --- |
| ID | S0208 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 18 April 2018 |
| Last Modified | 06 January 2021 |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1547 | Boot or Logon Autostart Execution | - |
| enterprise | T1547.008 | LSASS Driver | Pasam establishes persistence by infecting the Security Accounts Manager (SAM) DLL to load a malicious DLL dropped to disk. [2] |
| enterprise | T1005 | Data from Local System | Pasam creates a backdoor through which remote attackers can retrieve files. [2] |
| enterprise | T1083 | File and Directory Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of files. [2] |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.004 | File Deletion | Pasam creates a backdoor through which remote attackers can delete files. [2] |
| enterprise | T1105 | Ingress Tool Transfer | Pasam creates a backdoor through which remote attackers can upload files. [2] |
| enterprise | T1057 | Process Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of running processes. [2] |
| enterprise | T1082 | System Information Discovery | Pasam creates a backdoor through which remote attackers can retrieve information such as hostname and free disk space. [2] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0066 | Elderwood | [1] |

References