Kivars

Kivars is a modular remote access tool (RAT), derived from the Bifrost RAT, that was used by BlackTech in a 2010 campaign.[1]

ID: S0437
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 06 May 2020
Last Modified: 03 June 2020

Techniques Used

Domain ID Name Use
Enterprise T1083 File and Directory Discovery

Kivars has the ability to list drives on the infected host.[1]

Enterprise T1564 .003 Hide Artifacts: Hidden Window

Kivars has the ability to conceal its activity through hiding active windows.[1]

Enterprise T1070 .004 Indicator Removal: File Deletion

Kivars has the ability to uninstall malware from the infected host.[1]

Enterprise T1105 Ingress Tool Transfer

Kivars has the ability to download and execute files.[1]

Enterprise T1056 .001 Input Capture: Keylogging

Kivars has the ability to initiate keylogging on the infected host.[1]

Enterprise T1021 Remote Services

Kivars has the ability to remotely trigger keyboard input and mouse clicks. [1]

Enterprise T1113 Screen Capture

Kivars has the ability to capture screenshots on the infected host.[1]

Groups That Use This Software

ID Name References
G0098 BlackTech

[1][2]

References