{
	"id": "c2c58b56-7fec-46fc-bed9-7b663ca7d701",
	"created_at": "2026-04-06T00:08:20.116971Z",
	"updated_at": "2026-04-10T03:30:47.779849Z",
	"deleted_at": null,
	"sha1_hash": "216ffd3e1301bc42354c455a082313ac4c97e409",
	"title": "Detailed Analysis Of Sykipot (Smartcard Proxy Variant)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28973,
	"plain_text": "Detailed Analysis Of Sykipot (Smartcard Proxy Variant)\r\nBy Rong Hwa Chong\r\nArchived: 2026-04-05 13:34:50 UTC\r\nIn January 2012, AlienVault reported a Sykipot variant with smartcard access capability that has drawn considerable\r\nattention in the security industry. The internals of this malware sample, such as the flow of the malware, backdoor\r\ncapabilities, tricks and techniques, and encryption algorithm, are described in this paper. Additionally, its backdoor\r\ncapabilities are compared with the analysis of another Sykipot variant published by Symantec. This\r\ncomparison shows the vast improvements that Sykipot has made. Most importantly, this paper helps\r\nsecurity analysts or researchers respond to and remediate Sykipot infections, analyze the impact of a Sykipot\r\ninfection, decrypt Sykipot-encrypted messages, or even design a fake bot to communicate with the attackers for\r\nfuture research work.\r\nSource: https://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919"
	],
	"report_names": [
		"detailed-analysis-sykipot-smartcard-proxy-variant-33919"
	],
	"threat_actors": [
		{
			"id": "68cc6e37-f16d-4995-a75b-5e8e2a6cbb3d",
			"created_at": "2024-05-01T02:03:07.943593Z",
			"updated_at": "2026-04-10T02:00:03.795229Z",
			"deleted_at": null,
			"main_name": "BRONZE EDISON",
			"aliases": [
				"APT4 ",
				"DarkSeoul",
				"Maverick Panda ",
				"Salmon Typhoon ",
				"Sodium ",
				"Sykipot ",
				"TG-0623 ",
				"getkys"
			],
			"source_name": "Secureworks:BRONZE EDISON",
			"tools": [
				"Gh0st RAT",
				"Wkysol",
				"ZxPortMap"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6fbff48b-7a3e-4e54-ac22-b10f11e32337",
			"created_at": "2022-10-25T16:07:23.318008Z",
			"updated_at": "2026-04-10T02:00:04.539063Z",
			"deleted_at": null,
			"main_name": "APT 4",
			"aliases": [
				"APT 4",
				"Bronze Edison",
				"Maverick Panda",
				"Salmon Typhoon",
				"Sodium",
				"Sykipot",
				"TG-0623",
				"Wisp Team"
			],
			"source_name": "ETDA:APT 4",
			"tools": [
				"Getkys",
				"Sykipot",
				"Wkysol",
				"XMRig"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434100,
	"ts_updated_at": 1775791847,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/216ffd3e1301bc42354c455a082313ac4c97e409.pdf",
		"text": "https://archive.orkl.eu/216ffd3e1301bc42354c455a082313ac4c97e409.txt",
		"img": "https://archive.orkl.eu/216ffd3e1301bc42354c455a082313ac4c97e409.jpg"
	}
}