Malware: Hikit

Description

[Hikit](https://attack.mitre.org/software/S0009) is malware that has been used by [Axiom](https://attack.mitre.org/groups/G0001) for late-stage persistence and exfiltration after the initial compromise.(Citation: Novetta-Axiom)(Citation: FireEye Hikit Rootkit)

External References

• mitre-attack
• FireEye Hikit Rootkit
• Novetta-Axiom

Techniques Used by This Malware

• T1005 — Data from Local System
• T1014 — Rootkit
• T1059.003 — Windows Command Shell
• T1071.001 — Web Protocols
• T1090.001 — Internal Proxy
• T1105 — Ingress Tool Transfer
• T1553.004 — Install Root Certificate
• T1553.006 — Code Signing Policy Modification
• T1566 — Phishing
• T1573.001 — Symmetric Cryptography
• T1574.001 — DLL

APT Groups Using This Malware

• Axiom