SysUpdate
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[SysUpdate](https://attack.mitre.org/software/S0663) is a backdoor written in C++ that has been used by [Threat Group-3390](https://attack.mitre.org/groups/G0027) since at least 2020.(Citation: Trend Micro Iron Tiger April 2021)
Associated Techniques (31)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1007 | System Service Discovery | - |
| T1016 | System Network Configuration Discovery | - |
| T1016.001 | Internet Connection Discovery | - |
| T1027.002 | Software Packing | - |
| T1027.011 | Fileless Storage | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1033 | System Owner/User Discovery | - |
| T1036.004 | Masquerade Task or Service | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1047 | Windows Management Instrumentation | - |
| T1057 | Process Discovery | - |
| T1070.004 | File Deletion | - |
| T1071.004 | DNS | - |
| T1082 | System Information Discovery | - |
Aliases (312)
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
HyperSSL
Soldier
FOCUSFJORD
Used by Actors (1)
Metadata
| ID: | 540 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 04:00 |