BISCUIT

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[BISCUIT](https://attack.mitre.org/software/S0017) is a backdoor that has been used by [APT1](https://attack.mitre.org/groups/G0006) since as early as 2007. (Citation: Mandiant APT1)

Associated Techniques (10)

ID	ATT&CK	Tactics
T1008	Fallback Channels	-
T1033	System Owner/User Discovery	-
T1056.001	Keylogging	-
T1057	Process Discovery	-
T1059.003	Windows Command Shell	-
T1082	System Information Discovery	-
T1105	Ingress Tool Transfer	-
T1113	Screen Capture	-
T1124	System Time Discovery	-
T1573.002	Asymmetric Cryptography	-

Used by Actors (1)

APT1
Nation-state

Metadata

ID:	517
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00