SYSCON

Malware updated 6 months ago (2024-05-04T19:01:33.491Z)
In January 2023, the McAfee Advanced Threat Research team discovered a new variant of the SYSCON backdoor malware being used in an operation. This variant appeared in a malicious Word document containing a Visual Basic macro that dropped and executed an upgraded version of the implant. The malware was part of several campaigns using North Korea–related topics and was designed to exploit and damage computers or devices by stealing personal information, disrupting operations, or holding data hostage for ransom. The malware families used in this campaign consisted mainly of malicious documents featuring CARROTBAT downloaders with SYSCON payloads, but also included a new malware downloader that Unit 42 has dubbed CARROTBALL. Based on the analysis, multiple components from this operation are unique from a code perspective, even though the code is loosely based on previous versions of the SYSCON backdoor. AutoFocus customers can track these samples with the FracturedStatue, SYSCON, KONNI, CARROTBAT, and CARROTBALL tags. This discovery highlights the ongoing threat posed by sophisticated malware campaigns designed to infiltrate and disrupt computer systems. To minimize the risk of such attacks, computer users should exercise caution when downloading files, opening email attachments, or visiting suspicious websites, and should keep their operating systems and security software up to date.
Description last updated: 2023-06-23T15:05:55.669Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the SYSCON Malware was read from the documents corpus below.