Sys10

Sys10 is a backdoor that was used throughout 2013 by Naikon. [1]

ID: S0060
Aliases: Sys10
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1024 | Custom Cryptographic Protocol | Sys10 uses an XOR 0x1 loop to encrypt its C2 domain.[1] |
| Enterprise | T1069 | Permission Groups Discovery | Sys10 collects the group name of the logged-in user and sends it to the C2.[1] |
| Enterprise | T1071 | Standard Application Layer Protocol | Sys10 uses HTTP for C2.[1] |
| Enterprise | T1082 | System Information Discovery | Sys10 collects the computer name, OS versioning information, and OS install date and sends the information to the C2.[1] |
| Enterprise | T1016 | System Network Configuration Discovery | Sys10 collects the local IP address of the victim and sends it to the C2.[1] |
| Enterprise | T1033 | System Owner/User Discovery | Sys10 collects the account name of the logged-in user and sends it to the C2.[1] |

Groups

Groups that use this software:

Naikon

References