| ID | X0008 |
| Aliases | Delf, Emerleox, Logsnif, Graybird, Pcclient |
| Platforms | Windows |
| Year | 2013 |
| Associated ATT&CK Software | None |
A family of backdoors.
| Name | Use |
|---|---|
| Registry Run Keys / Startup Folder | Hupigon drops the file "Systen.dll" and adds the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS DllName = "%System%\Systen.dll". [1] |
[1] https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/HUPIGON