Pasam
ID: S0208
Type: MALWARE
Platforms: Windows
Version: 1.0
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1043 | Commonly Used Port |
Pasam connects to external C2 infrastructure and opens a backdoor over port 443.[2] |
Enterprise | T1005 | Data from Local System |
Pasam creates a backdoor through which remote attackers can retrieve files.[2] |
Enterprise | T1083 | File and Directory Discovery |
Pasam creates a backdoor through which remote attackers can retrieve lists of files.[2] |
Enterprise | T1107 | File Deletion |
Pasam creates a backdoor through which remote attackers can delete files.[2] |
Enterprise | T1177 | LSASS Driver |
Pasam establishes by infecting the Security Accounts Manager (SAM) DLL to load a malicious DLL dropped to disk.[2] |
Enterprise | T1057 | Process Discovery |
Pasam creates a backdoor through which remote attackers can retrieve lists of running processes.[2] |
Enterprise | T1105 | Remote File Copy |
Pasam creates a backdoor through which remote attackers can upload files.[2] |
Enterprise | T1082 | System Information Discovery |
Pasam creates a backdoor through which remote attackers can retrieve information such as hostname and free disk space.[2] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0066 | Elderwood | [1] |