ThaiCERT    ETDA    MDES

Threat Group Cards: A Threat Actor Encyclopedia

Tool: HiKit

Names: HiKit
Category: Malware
Type: Backdoor, Tunneling
Description: (Novetta) Hikit consists of at least two generations of malware that provides basic RAT functionality. The first generation of Hikit (referred to as “Gen 1”) operates as a server and requires an externally exposed network interface in order for an attacker to access the victim machine. The second generation of Hikit (referred to as “Gen 2”) uses the more traditional client model and beacons out to an attacker’s C2 server. While the communication models shifted dramatically between Gen 1 and Gen 2, both generations of Hikit retain the same basic RAT function consisting of remote command shell, file management, network proxy and port forwarding.
Information: <https://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf>, <https://www.recordedfuture.com/hidden-lynx-analysis/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0009/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.hikit>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:hikit>

Last change to this tool card: 13 May 2020

All groups using tool HiKit

APT groups

| Changed | Name | Country | Observed | |
|---|---|---|---|---|
| X | APT 17, Deputy Dog, Elderwood, Sneaky Panda | China | 2009-Sep 2017 | |
| | APT 31, Judgment Panda, Zirconium | China | 2016 | |
| | Axiom, Group 72 | China | 2008-2008/2014 | |
| | Hidden Lynx, Aurora Panda | China | 2009-2014 | X |

4 groups listed (4 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
