Vasport is a trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0207
Platforms: Windows
Version: 1.1
Created: 18 April 2018
Last Modified: 06 January 2021

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Vasport creates a backdoor by making a connection using a HTTP POST.[2]

Enterprise T1547 .001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Vasport copies itself to disk and creates an associated run key Registry entry to establish.[2]

Enterprise T1105 Ingress Tool Transfer

Vasport can download files.[2]

Enterprise T1090 Proxy

Vasport is capable of tunneling though a proxy.[2]

Groups That Use This Software

ID Name References
G0066 Elderwood