KIVARS
Description
(Trend Micro) The initial packets sent by BKDR_KIVARS are encrypted with RC4. They include the following information:
- Victim’s IP
- Possible Campaign ID
- OS version
- Hostname
- Username
- KIVARS version
- Recent Document\Desktop folder
- Keyboard Layout
Names
Name |
---|
KIVARS |
Category
Malware
Type
- Reconnaissance
Information
- https://blog.trendmicro.com/trendlabs-security-intelligence/kivars-with-venom-targeted-attacks-upgrade-with-64-bit-support/
- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt
- https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
8c076c07-b2f3-4b9e-88b5-638b31d12e2d
Last Card Change
2022-12-30