Psylo

Psylo is a shellcode-based Trojan that has been used by Scarlet Mimic. It has similar characteristics to FakeM. [1]

ID: S0078
Aliases: Psylo
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1041 | Exfiltration Over Command and Control Channel | Psylo exfiltrates data to its C2 server over the same protocol as C2 communications. [1]
Enterprise | T1083 | File and Directory Discovery | Psylo has commands to enumerate all storage devices and to find all files that start with a particular string. [1]
Enterprise | T1105 | Remote File Copy | Psylo has a command to download a file to the system from its C2 server. [1]
Enterprise | T1071 | Standard Application Layer Protocol | Psylo uses HTTPS for C2. [1]
Enterprise | T1099 | Timestomp | Psylo has a command to conduct timestomping by setting a specified file's timestamps to match those of a system file in the System32 directory. [1]

Groups

Groups that use this software:

Scarlet Mimic

References