Kasidet

Kasidet is a backdoor that has been dropped by using malicious VBA macros. [1]

ID: S0088
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059 | Command-Line Interface | Kasidet can execute commands using cmd.exe.[1] |
| Enterprise | T1089 | Disabling Security Tools | Kasidet has the ability to change firewall settings to allow a plug-in to be downloaded.[1] |
| Enterprise | T1083 | File and Directory Discovery | Kasidet has the ability to search for a given filename on a victim.[1] |
| Enterprise | T1056 | Input Capture | Kasidet has the ability to initiate keylogging.[1] |
| Enterprise | T1057 | Process Discovery | Kasidet has the ability to search for a given process name in processes currently running in the system.[1] |
| Enterprise | T1060 | Registry Run Keys / Startup Folder | Kasidet creates a Registry Run key to establish persistence.[1][2] |
| Enterprise | T1105 | Remote File Copy | Kasidet has the ability to download and execute additional files.[1] |
| Enterprise | T1113 | Screen Capture | Kasidet has the ability to initiate keylogging and screen captures.[1] |
| Enterprise | T1063 | Security Software Discovery | Kasidet has the ability to identify any anti-virus installed on the infected system.[1] |
| Enterprise | T1082 | System Information Discovery | Kasidet has the ability to obtain a victim's system name and operating system version.[1] |

References