Kivars

Malware Profile Updated 3 months ago
Kivars (KIVARS) is a Windows backdoor that has been observed alongside two other malware families, PLEAD and Waterbear, against the same targets. In the first such incidents, on February 23 and March 8, 2017, PLEAD and KIVARS were seen attacking the same target; on March 16, 2017, PLEAD, KIVARS and Waterbear were all used against a single target. The three families share the Right-to-Left Override (RTLO) technique: a Unicode bidirectional control character (U+202E) is placed inside the installer's filename so that the characters after it are displayed reversed, making an executable such as "report_fdp.exe" appear as "report_exe.pdf" and the installer look like a document. In these attacks PLEAD and KIVARS are typically used for the initial phase, while Waterbear serves as a secondary backdoor installed once the attackers have gained a certain level of privilege.

KIVARS is part of the Shrouded Crossbow toolset, which uses three backdoors derived from the BIFROST codebase: BIFROSE, KIVARS and XBOW. KIVARS has less functionality than BIFROSE, but its modular structure makes it easier to maintain; XBOW's capabilities are derived from both BIFROSE and KIVARS. KIVARS lets an attacker download and execute files, list drives, uninstall the malware service, take screenshots, activate and deactivate a keylogger, show and hide active windows, and trigger mouse clicks and keyboard input.

The IP address 211[.]72[.]242[.]120 has been linked to KIVARS; it hosted the domain microsoftmse[.]com, which several KIVARS variants have used. The shared RTLO lure, the staged deployment of several backdoors and the shared infrastructure point to a coordinated operation that defenders should track as one campaign rather than as isolated infections.
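The RTLO disguise described above is easy to check for in file listings, mail attachments or EDR file-creation events. The following Python is an added example written for this page, not code from Trend Micro, Cybergeist or the malware authors. It shows how a filename containing U+202E is displayed, recovers the real extension the operating system will act on, and flags the lure pattern (a bidi control character plus an executable real extension that differs from the displayed one). The sample filenames are constructed for the demonstration and are not real campaign artifacts; the rendering function is an approximation of the Unicode Bidi algorithm that is sufficient for the override case.

```python
import os

# Unicode bidirectional control characters that can change how a filename is
# displayed. U+202E RIGHT-TO-LEFT OVERRIDE (RLO) is the one used by the RTLO
# trick; the others are included because they can be abused the same way and
# have no business in a normal filename.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF", "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200E": "LRM", "\u200F": "RLM",
}

# Extensions the Windows shell will execute; a disguised installer must still
# really end in one of these, whatever the user sees.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".dll",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".ps1",
}


def rendered_name(name: str) -> str:
    """Approximate what a user sees for a filename containing an RLO.

    Under an override every character that follows U+202E is treated as
    right-to-left, so that run is displayed reversed up to the next U+202C
    (Pop Directional Formatting) or the end of the string. Thus
    'meeting_' + RLO + 'fdp.scr' is shown as 'meeting_rcs.pdf'.
    Other control characters are invisible and are simply dropped.
    """
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202E":
            end = name.find("\u202C", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def _extension(name: str) -> str:
    return os.path.splitext(name)[1].lower()


def analyze_filename(name: str) -> dict:
    """Return what the file really is versus what it appears to be."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    # The OS ignores display order: the real extension is the last one in
    # the raw string once the invisible controls are removed.
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    shown = rendered_name(name)
    true_ext = _extension(stripped)
    apparent_ext = _extension(shown)
    return {
        "name": name,
        "displayed_as": shown,
        "true_extension": true_ext,
        "apparent_extension": apparent_ext,
        "controls": controls,
        # Flag only the lure pattern: a bidi control is present AND the real
        # extension is executable AND the displayed extension differs from it.
        # A legitimate right-to-left filename with a direction mark is not flagged.
        "suspicious": bool(controls)
        and true_ext in EXECUTABLE_EXTENSIONS
        and apparent_ext != true_ext,
    }


def scan(names):
    """Return the analysis records for every suspicious filename in an iterable."""
    return [r for r in map(analyze_filename, names) if r["suspicious"]]


# Constructed sample filenames for the demonstration (not real campaign samples).
SAMPLE_FILENAMES = [
    "quarterly_report.pdf",                        # benign
    "meeting_\u202Efdp.scr",                       # RTLO lure: shown as meeting_rcs.pdf
    "invoice_\u202Ecod.exe",                       # RTLO lure: shown as invoice_exe.doc
    "\u200F\u0645\u0644\u0641.txt",                # Arabic text file with a direction mark, not a lure
]

if __name__ == "__main__":
    for rec in map(analyze_filename, SAMPLE_FILENAMES):
        flag = "SUSPICIOUS" if rec["suspicious"] else "ok"
        print(f"{flag:10} shown as {rec['displayed_as']!r}, real extension {rec['true_extension']!r}")
```

Run it against the names from a mailbox export or a directory walk; the `displayed_as` field is what the victim saw, and `true_extension` is what the shell will run. Because the check is on the raw string rather than on rendering, it also catches files whose icon was changed to look like a document.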
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
PLEAD | 1 | PLEAD is a malware family reported by ESET researchers in 2019 as being used by the Chinese APT group known as BlackTech. The group was found to be performing Man-in-the-Middle (MitM) attacks through compromised ASUS routers and delivering the PLEAD malware through ASUS W
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Windows
Malware
Associated Malware
ID | Type | Votes | Profile Description
Waterbear | Unspecified | 1 | WaterBear is a sophisticated form of malware, known for its ability to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or hold data hostag
Xbow | Unspecified | 1 | None
Bifrose | Unspecified | 1 | Bifrose, a form of malicious software (malware), is designed to exploit and damage computer systems. It infiltrates the user's device without their knowledge via suspicious downloads, emails, or websites. Once inside the system, Bifrose can steal personal information, disrupt operations, and even ho
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Kivars malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | The Trail of BlackTech's Cyber Espionage Campaigns