ATT&CK v12 is now live! Check out the updates here

SOFTWARE

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

Hacking Team UEFI Rootkit

Heyoka Backdoor

Imminent Monitor

IronNetInjector

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

RemoteUtilities

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

SOFTWARE

1-9

A-B

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

C-D

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

E-F

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

G-H

Hacking Team UEFI Rootkit

Heyoka Backdoor

I-J

Imminent Monitor

IronNetInjector

K-L

M-N

O-P

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

Q-R

RemoteUtilities

S-T

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

U-V

W-X

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

Y-Z

Kasidet

Kasidet is a backdoor that has been dropped by using malicious VBA macros. ^[1]

ID: S0088

ⓘ

Type: MALWARE

ⓘ

Platforms: Windows

Version: 1.1

Created: 31 May 2017

Last Modified: 30 March 2020

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Enterprise	T1547	.001	Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	Kasidet creates a Registry Run key to establish persistence.^[1]^[2]
Enterprise	T1059	.003	Command and Scripting Interpreter: Windows Command Shell	Kasidet can execute commands using cmd.exe.^[1]
Enterprise	T1083		File and Directory Discovery	Kasidet has the ability to search for a given filename on a victim.^[1]
Enterprise	T1562	.004	Impair Defenses: Disable or Modify System Firewall	Kasidet has the ability to change firewall settings to allow a plug-in to be downloaded.^[1]
Enterprise	T1105		Ingress Tool Transfer	Kasidet has the ability to download and execute additional files.^[1]
Enterprise	T1056	.001	Input Capture: Keylogging	Kasidet has the ability to initiate keylogging.^[1]
Enterprise	T1057		Process Discovery	Kasidet has the ability to search for a given process name in processes currently running in the system.^[1]
Enterprise	T1113		Screen Capture	Kasidet has the ability to initiate keylogging and screen captures.^[1]
Enterprise	T1518	.001	Software Discovery: Security Software Discovery	Kasidet has the ability to identify any anti-virus installed on the infected system.^[1]
Enterprise	T1082		System Information Discovery	Kasidet has the ability to obtain a victim's system name and operating system version.^[1]

References

Yadav, A., et al. (2016, January 29). Malicious Office files dropping Kasidet and Dridex. Retrieved March 24, 2016.

Manuel, J. and Plantado, R.. (2015, August 9). Win32/Kasidet. Retrieved March 24, 2016.