{
  "modified": "2024-01-04T20:02:49.672Z",
  "name": "Samurai",
  "description": "[Samurai](https://attack.mitre.org/software/S1099) is a passive backdoor that has been used by [ToddyCat](https://attack.mitre.org/groups/G1022) since at least 2020. [Samurai](https://attack.mitre.org/software/S1099) allows arbitrary C# code execution and is used with multiple modules for remote administration and lateral movement.(Citation: Kaspersky ToddyCat June 2022)",
  "is_family": true,
  "x_mitre_platforms": [
    "Windows"
  ],
  "x_mitre_deprecated": false,
  "x_mitre_domains": [
    "enterprise-attack"
  ],
  "x_mitre_version": "1.0",
  "x_mitre_aliases": [
    "Samurai"
  ],
  "type": "malware",
  "spec_version": "2.1",
  "id": "malware--ae91fb8f-5031-4f57-9839-e3be3ed503f0",
  "created": "2024-01-04T20:01:26.144Z",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "revoked": false,
  "external_references": [
    {
      "source_name": "mitre-attack",
      "url": "https://attack.mitre.org/software/S1099",
      "external_id": "S1099"
    },
    {
      "source_name": "Kaspersky ToddyCat June 2022",
      "description": "Dedola, G. (2022, June 21). APT ToddyCat. Retrieved January 3, 2024.",
      "url": "https://securelist.com/toddycat/106799/"
    }
  ],
  "object_marking_refs": [
    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
  ],
  "x_mitre_attack_spec_version": "3.2.0",
  "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}