Malware: Sykipot

Description

[Sykipot](https://attack.mitre.org/software/S0018) is malware that has been used in spearphishing campaigns since approximately 2007 against victims primarily in the US. One variant of [Sykipot](https://attack.mitre.org/software/S0018) hijacks smart cards on victims. (Citation: Alienvault Sykipot DOD Smart Cards) The group using this malware has also been referred to as Sykipot. (Citation: Blasco 2013)

External References

• mitre-attack
• Alienvault Sykipot DOD Smart Cards
• Blasco 2013

Techniques Used by This Malware

• T1007 — System Service Discovery
• T1016 — System Network Configuration Discovery
• T1018 — Remote System Discovery
• T1049 — System Network Connections Discovery
• T1055.001 — Dynamic-link Library Injection
• T1056.001 — Keylogging
• T1057 — Process Discovery
• T1087.002 — Domain Account
• T1111 — Multi-Factor Authentication Interception
• T1547.001 — Registry Run Keys / Startup Folder
• T1573.002 — Asymmetric Cryptography