
S0437 Kivars

Kivars is a modular remote access tool (RAT), derived from the Bifrost RAT, that was used by BlackTech in a 2010 campaign.[1]

| Item | Value |
| --- | --- |
| ID | S0437 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 06 May 2020 |
| Last Modified | 03 June 2020 |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1083 | File and Directory Discovery | Kivars has the ability to list drives on the infected host.[1] |
| enterprise | T1564 | Hide Artifacts | - |
| enterprise | T1564.003 | Hidden Window | Kivars has the ability to conceal its activity through hiding active windows.[1] |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.004 | File Deletion | Kivars has the ability to uninstall malware from the infected host.[1] |
| enterprise | T1105 | Ingress Tool Transfer | Kivars has the ability to download and execute files.[1] |
| enterprise | T1056 | Input Capture | - |
| enterprise | T1056.001 | Keylogging | Kivars has the ability to initiate keylogging on the infected host.[1] |
| enterprise | T1021 | Remote Services | Kivars has the ability to remotely trigger keyboard input and mouse clicks.[1] |
| enterprise | T1113 | Screen Capture | Kivars has the ability to capture screenshots on the infected host.[1] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0098 | BlackTech | [1][2] |

References