HiKit

Description

(Novetta) Hikit consists of at least two generations of malware that provides basic RAT functionality. The first generation of Hikit (referred to as “Gen 1”) operates as a server and requires an externally exposed network interface in order for an attacker to access the victim machine. The second generation of Hikit (referred to as “Gen 2”) uses the more traditional client model and beacons out to an attacker’s C2 server. While the communication models shifted dramatically between Gen 1 and Gen 2, both generations of Hikit retain the same basic RAT function consisting of remote command shell, file management, network proxy and port forwarding.

Names

Name
HiKit

Category

Malware

Type

• Backdoor
• Tunneling

Information

• https://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf
• https://www.recordedfuture.com/hidden-lynx-analysis/

Mitre Attack

• https://attack.mitre.org/software/S0009/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.hikit

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:hikit

Other Information

Uuid

4b11af2b-ef10-4160-ac62-046b4289e683

Last Card Change

2020-05-13