Sys10

Sys10 is a backdoor that was used throughout 2013 by Naikon. [1]

ID: S0060
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1024 | Custom Cryptographic Protocol | Sys10 uses an XOR 0x1 loop to encrypt its C2 domain. |
| Enterprise | T1069 | Permission Groups Discovery | Sys10 collects the group name of the logged-in user and sends it to the C2. |
| Enterprise | T1071 | Standard Application Layer Protocol | Sys10 uses HTTP for C2. |
| Enterprise | T1082 | System Information Discovery | Sys10 collects the computer name, OS versioning information, and OS install date and sends the information to the C2. |
| Enterprise | T1016 | System Network Configuration Discovery | Sys10 collects the local IP address of the victim and sends it to the C2. |
| Enterprise | T1033 | System Owner/User Discovery | Sys10 collects the account name of the logged-in user and sends it to the C2. |
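
A static-triage helper for the XOR 0x1 encoding listed under T1024, added here as an example and not taken from this entry's sources or from the malware: it XOR-decodes a byte buffer with 0x01 and reports domain-like strings that become visible only after decoding. It assumes the loop is applied byte by byte; the function names, the regex and the sample buffer (which uses the reserved name c2.example.test) are constructed for illustration.

```python
import re

XOR_KEY = 0x01  # key value from the T1024 row; byte-wise application is an assumption

# Domain-like ASCII run: dot-separated labels ending in an alphabetic TLD.
DOMAIN_RE = re.compile(
    rb"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}", re.I
)


def xor_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with a single-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def find_xor_domains(blob: bytes, key: int = XOR_KEY) -> list:
    """Return (offset, domain) pairs for domain-like strings in the decoded buffer.

    XOR is length-preserving, so each offset also locates the encoded bytes
    in the original buffer. Under key 0x01 a plaintext '.' becomes '/', so
    domains stored in the clear do not match after decoding, while encoded
    ones do. Hits are candidates for analyst review, not confirmed indicators:
    raw text containing '/' (for example URL paths) can decode to look-alikes.
    """
    decoded = xor_bytes(blob, key)
    return [(m.start(), m.group().decode("ascii"))
            for m in DOMAIN_RE.finditer(decoded)]


# Constructed sample: header-like bytes, an XOR-0x01-encoded placeholder
# domain, and an unrelated plaintext string. Not taken from any real sample.
SAMPLE = (
    b"\x4d\x5a\x90\x00"
    + xor_bytes(b"c2.example.test")
    + b"\x00\x00User-Agent: Mozilla\x00"
)

if __name__ == "__main__":
    for offset, domain in find_xor_domains(SAMPLE):
        print(f"0x{offset:04x}  {domain}")
```
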

Groups

Groups that use this software:

Naikon

References