Psylo is a shellcode-based Trojan that has been used by Scarlet Mimic. It has characteristics similar to those of FakeM.[1]
Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols |
Enterprise | T1041 | Exfiltration Over C2 Channel | Psylo exfiltrates data to its C2 server over the same protocol as C2 communications.[1]
Enterprise | T1083 | File and Directory Discovery | Psylo has commands to enumerate all storage devices and to find all files that start with a particular string.[1]
Enterprise | T1070.006 | Indicator Removal on Host: Timestomp | Psylo has a command to conduct timestomping by setting a specified file's timestamps to match those of a system file in the System32 directory.[1]
Enterprise | T1105 | Ingress Tool Transfer | Psylo has a command to download a file to the system from its C2 server.[1]
ID | Name | References
---|---|---
G0029 | Scarlet Mimic |