SHIPSHAPE

SHIPSHAPE is malware developed by APT30 that allows propagation and exfiltration of data over removable devices. APT30 may use this capability to exfiltrate data across air-gaps. [1]

ID: S0028
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1060 | Registry Run Keys / Startup Folder | SHIPSHAPE achieves persistence by creating a shortcut in the Startup folder.[1] |
| Enterprise | T1091 | Replication Through Removable Media | APT30 may have used the SHIPSHAPE malware to move onto air-gapped networks. SHIPSHAPE targets removable drives to spread to other systems by modifying the drive to use Autorun to execute or by hiding legitimate document files and copying an executable to the folder with the same name as the legitimate document.[1] |
| Enterprise | T1023 | Shortcut Modification | SHIPSHAPE achieves persistence by creating a shortcut in the Startup folder.[1] |
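
A detection sketch for the two removable-drive behaviours described under T1091, added here as an example and not taken from the referenced report or from ATT&CK. The function name, the extension lists and the sample listing are assumptions constructed for illustration; the hidden flag is expected to come from the file's Windows attributes.

```python
from pathlib import PureWindowsPath

# Assumed extension sets; tune to the document and binary types seen in your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}


def audit_drive_listing(entries):
    """Review a removable drive's file listing.

    entries: iterable of (path, is_hidden). On Windows, is_hidden can be taken from
    os.stat(path).st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN.
    Returns a sorted list of (kind, path, related_path) findings.
    """
    findings = []
    hidden_docs = {}   # (folder, candidate executable stem) -> hidden document path
    executables = []
    for path, is_hidden in entries:
        p = PureWindowsPath(path)
        ext = p.suffix.lower()
        folder = str(p.parent).lower()
        if p.name.lower() == "autorun.inf" and len(p.parts) == 2:
            # Autorun configuration at the drive root.
            findings.append(("autorun", path, ""))
        elif ext in DOCUMENT_EXTS and is_hidden:
            # Index by "budget" and by "budget.xls" so budget.exe and budget.xls.exe both match.
            hidden_docs[(folder, p.stem.lower())] = path
            hidden_docs[(folder, p.name.lower())] = path
        elif ext in EXECUTABLE_EXTS:
            executables.append(p)
    # Second pass, so the order of files in the listing does not matter.
    for exe in executables:
        doc = hidden_docs.get((str(exe.parent).lower(), exe.stem.lower()))
        if doc:
            findings.append(("masquerade", str(exe), doc))
    return sorted(findings)


# Constructed sample listing (not real data).
SAMPLE = [
    ("E:\\Reports\\budget.exe", False),
    ("E:\\Reports\\budget.xls", True),
    ("E:\\Reports\\notes.txt", False),
    ("E:\\Tools\\setup.exe", False),
    ("E:\\autorun.inf", True),
]

if __name__ == "__main__":
    for finding in audit_drive_listing(SAMPLE):
        print(finding)
```
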

Groups

Groups that use this software:

APT30

References