S0464Windows

S0464SYSCON

Platforms
1
ATT&CK
14.1
References
3

Description

[SYSCON](https://attack.mitre.org/software/S0464) is a backdoor that has been in use since at least 2017 and has been associated with campaigns involving North Korean themes. [SYSCON](https://attack.mitre.org/software/S0464) has been delivered by the [CARROTBALL](https://attack.mitre.org/software/S0465) and [CARROTBAT](https://attack.mitre.org/software/S0462) droppers.(Citation: Unit 42 CARROTBAT November 2018)(Citation: Unit 42 CARROTBAT January 2020)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0464
  2. https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/
  3. https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
CARROTBAT
Software
CARROTBALL
Software
SDBbot
Software
HOPLIGHT
Software
SysUpdate
Software
Comnie
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.