S0437 Kivars
Kivars is a modular remote access tool (RAT), derived from the Bifrost RAT, that was used by BlackTech in a 2010 campaign.1
| Item | Value |
|---|---|
| ID | S0437 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 06 May 2020 |
| Last Modified | 03 June 2020 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1083 | File and Directory Discovery | Kivars has the ability to list drives on the infected host.1 |
| enterprise | T1564 | Hide Artifacts | - |
| enterprise | T1564.003 | Hidden Window | Kivars has the ability to conceal its activity through hiding active windows.1 |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.004 | File Deletion | Kivars has the ability to uninstall malware from the infected host.1 |
| enterprise | T1105 | Ingress Tool Transfer | Kivars has the ability to download and execute files.1 |
| enterprise | T1056 | Input Capture | - |
| enterprise | T1056.001 | Keylogging | Kivars has the ability to initiate keylogging on the infected host.1 |
| enterprise | T1021 | Remote Services | Kivars has the ability to remotely trigger keyboard input and mouse clicks. 1 |
| enterprise | T1113 | Screen Capture | Kivars has the ability to capture screenshots on the infected host.1 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0098 | BlackTech | 12 |