Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

Mivast

Mivast is a backdoor that has been used by Deep Panda. It was reportedly used in the Anthem breach. [1]

ID: S0080
Aliases: Mivast
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

NameDescription
Mivast[1] [2]

Techniques Used

DomainIDNameUse
EnterpriseT1059Command-Line InterfaceMivast has the capability to open a remote shell and run basic commands.[2]
EnterpriseT1043Commonly Used PortMivast communicates over port 80 for C2.[2]
EnterpriseT1003Credential DumpingMivast has the capability to gather NTLM password information.[2]
EnterpriseT1060Registry Run Keys / Startup FolderMivast creates the following Registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Micromedia.[2]
EnterpriseT1105Remote File CopyMivast has the capability to download and execute .exe files.[2]

Groups

Groups that use this software:

Deep Panda

References