1. Home
  2. Software
  3. Vasport

Vasport

Vasport is a trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0207
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 18 April 2018
Last Modified: 06 January 2021
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Vasport creates a backdoor by making a connection using a HTTP POST.[2]
Enterprise T1547 .001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Vasport copies itself to disk and creates an associated run key Registry entry to establish.[2]
Enterprise T1105 Ingress Tool Transfer

Vasport can download files.[2]
Enterprise T1090 Proxy

Vasport is capable of tunneling though a proxy.[2]

Groups That Use This Software

ID Name References
G0066 Elderwood

[1]

References

  1. O'Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.
  1. Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.