Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9)

Sykipot is malware that has been used in spearphishing campaigns since approximately 2007 against victims primarily in the US. One variant of Sykipot hijacks smart cards on victims. (Citation: Alienvault Sykipot DOD Smart Cards) The group using this malware has also been referred to as Sykipot. (Citation: Blasco 2013)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | 1 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | 1 |
| Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) | Attack Pattern | Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | 1 |
| Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | 1 |
| Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 1 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | 1 |
| Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | 1 |
| Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49) | Attack Pattern | Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | 1 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | 1 |
| Sykipot - S0018 (6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9) | Malware | Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | 1 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | 2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) | Attack Pattern | 2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |