SYSCON is a backdoor that has been in use since at least 2017 and has been associated with campaigns involving North Korean themes. SYSCON has been delivered by the CARROTBALL and CARROTBAT droppers.
Created: 02 June 2020
Last Modified: 15 June 2020
|Enterprise||T1071||.002||Application Layer Protocol: File Transfer Protocols|
|Enterprise||T1059||.003||Command and Scripting Interpreter: Windows Command Shell|
|Enterprise||T1082||System Information Discovery|
|Enterprise||T1204||.002||User Execution: Malicious File|