Kasidet
ID: S0088
Aliases: Kasidet
Type: MALWARE
Platforms: Windows
Version: 1.0
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059 | Command-Line Interface | Kasidet can execute commands using cmd.exe.[1] |
Enterprise | T1089 | Disabling Security Tools | Kasidet has the ability to change firewall settings to allow a plug-in to be downloaded.[1] |
Enterprise | T1083 | File and Directory Discovery | Kasidet has the ability to search for a given filename on a victim.[1] |
Enterprise | T1056 | Input Capture | Kasidet has the ability to initiate keylogging.[1] |
Enterprise | T1057 | Process Discovery | Kasidet has the ability to search for a given process name in processes currently running in the system.[1] |
Enterprise | T1060 | Registry Run Keys / Startup Folder | Kasidet creates a Registry Run key to establish persistence.[1][2] |
Enterprise | T1105 | Remote File Copy | Kasidet has the ability to download and execute additional files.[1] |
Enterprise | T1113 | Screen Capture | Kasidet has the ability to initiate keylogging and screen captures.[1] |
Enterprise | T1063 | Security Software Discovery | Kasidet has the ability to identify any anti-virus installed on the infected system.[1] |
Enterprise | T1082 | System Information Discovery | Kasidet has the ability to obtain a victim's system name and operating system version.[1] |