SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Mivast
Mivast is a backdoor that has been used by Deep Panda. It was reportedly used in the Anthem breach. [1]
ID: S0080
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 25 March 2020
Techniques Used
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
Mivast creates the following Registry entry: |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Mivast has the capability to open a remote shell and run basic commands.[2] |
Enterprise | T1105 | Ingress Tool Transfer |
Mivast has the capability to download and execute .exe files.[2] |
|
Enterprise | T1003 | .002 | OS Credential Dumping: Security Account Manager |
Mivast has the capability to gather NTLM password information.[2] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0009 | Deep Panda |
References
×