S0060 Sys10

Sys10 is a backdoor that was used throughout 2013 by Naikon.[1]

| Item | Value |
| --- | --- |
| ID | S0060 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 18 March 2020 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1071 | Application Layer Protocol | - |
| enterprise | T1071.001 | Web Protocols | Sys10 uses HTTP for C2.[1] |
| enterprise | T1573 | Encrypted Channel | - |
| enterprise | T1573.001 | Symmetric Cryptography | Sys10 uses an XOR 0x1 loop to encrypt its C2 domain.[1] |
| enterprise | T1069 | Permission Groups Discovery | - |
| enterprise | T1069.001 | Local Groups | Sys10 collects the group name of the logged-in user and sends it to the C2.[1] |
| enterprise | T1082 | System Information Discovery | Sys10 collects the computer name, OS versioning information, and OS install date and sends the information to the C2.[1] |
| enterprise | T1016 | System Network Configuration Discovery | Sys10 collects the local IP address of the victim and sends it to the C2.[1] |
| enterprise | T1033 | System Owner/User Discovery | Sys10 collects the account name of the logged-in user and sends it to the C2.[1] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0019 | Naikon | [1] |

References