Threat Intelligence | Malware | June 30, 2025 | 15 min read

Keitaro TDS: Threat Intelligence Profile

Traffic distribution system abused by threat actors


Keitaro TDS (also known as Keitaro) is an exploit kit / TDS active since 2018. It is a traffic distribution system abused by threat actors. Key characteristics include: a legitimate TDS abused for malvertising, traffic filtering, geo-targeting, and cloaking for malware delivery.

Overview & Background

Keitaro TDS is a traffic distribution system abused by threat actors. It was first identified in 2018, and the attribution given for this threat is "legitimate tool, abused".

Threat Assessment

Keitaro TDS remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this exploit kit / TDS.

Technical Analysis

Keitaro TDS employs the following capabilities and techniques:

MITRE ATT&CK Mapping

Tactic | Technique | Usage
Initial Access | T1566.001 Phishing Attachment | Common delivery vector
Execution | T1204.002 Malicious File | User-triggered execution
Persistence | T1547.001 Registry Run Keys | Autostart persistence
Defense Evasion | T1027 Obfuscated Files | Payload obfuscation
C2 | T1071.001 Web Protocols | HTTP/HTTPS C2

Detection & Defense

Defend Against Keitaro TDS

Mjolnir Security provides detection and response capabilities against Keitaro TDS and similar threats.

Threat Detection | Incident Response | Threat Hunting | MDR Services | Threat Intelligence
  • Proactive Threat Hunting: Hunt for Keitaro TDS indicators and TTPs within your environment.
  • Threat Intelligence: Monitor Keitaro TDS campaigns and infrastructure changes.
  • 24/7 Incident Response: Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security  |  Published: June 30, 2025