Kasidet
ID: S0088
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1547 | .001 | 启动或登录自动启动执行: Registry Run Keys / Startup Folder |
Kasidet creates a Registry Run key to establish persistence.[1][2] |
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell | |
| Enterprise | T1562 | .004 | 妨碍防御: Disable or Modify System Firewall |
Kasidet has the ability to change firewall settings to allow a plug-in to be downloaded.[1] |
| Enterprise | T1113 | 屏幕捕获 |
Kasidet has the ability to initiate keylogging and screen captures.[1] |
|
| Enterprise | T1083 | 文件和目录发现 |
Kasidet has the ability to search for a given filename on a victim.[1] |
|
| Enterprise | T1082 | 系统信息发现 |
Kasidet has the ability to obtain a victim's system name and operating system version.[1] |
|
| Enterprise | T1518 | .001 | 软件发现: Security Software Discovery |
Kasidet has the ability to identify any anti-virus installed on the infected system.[1] |
| Enterprise | T1105 | 输入工具传输 |
Kasidet has the ability to download and execute additional files.[1] |
|
| Enterprise | T1056 | .001 | 输入捕获: Keylogging | |
| Enterprise | T1057 | 进程发现 |
Kasidet has the ability to search for a given process name in processes currently running in the system.[1] |
|