Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .002 | Application Layer Protocol: File Transfer Protocols |
SYSCON has the ability to use FTP in C2 communications.[1][2] |
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
SYSCON has the ability to execute commands through cmd on a compromised host.[2] |
Enterprise | T1057 | Process Discovery |
SYSCON has the ability to use Tasklist to list running processes.[2] |
|
Enterprise | T1082 | System Information Discovery |
SYSCON has the ability to use Systeminfo to identify system information.[2] |
|
Enterprise | T1204 | .002 | User Execution: Malicious File |
SYSCON has been executed by luring victims to open malicious e-mail attachments.[1] |
ID | Name | Description |
---|---|---|
C0006 | Operation Honeybee |
Operation Honeybee included the use of an upgraded version of SYSCON.[3] |