Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 18:59:24 UTC
Home > List all groups > List all tools > List all groups using tool BISCUIT
 Tool: BISCUIT
Names
BISCUIT
zxdosml
Category Malware
Type Backdoor
Description
(FireEye) The BISCUIT backdoor (so named for the command “bdkzt”) is an illustrative
example of the range of commands that APT1 has built into its “standard” backdoors.
APT1 has used and steadily modified BISCUIT since as early as 2007 and continues to
use it presently.
Information
MITRE ATT&CK Malpedia Last change to this tool card: 23 April 2020
Download this tool card in JSON format
All groups using tool BISCUIT
Changed Name Country Observed
APT groups
 Comment Crew, APT 1 2006-May 2018
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f781f7b0-9b85-4954-a751-a435ec753c9f
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f781f7b0-9b85-4954-a751-a435ec753c9f
Page 1 of 1