StreamEx is a malware family that has been used by Deep Panda since at least 2015. In 2016, it was distributed via legitimate compromised Korean websites. 
|Enterprise||T1059||.003||Command and Scripting Interpreter: Windows Command Shell|
|Enterprise||T1543||.003||Create or Modify System Process: Windows Service||
StreamEx establishes persistence by installing a new service pointing to its DLL and setting the service to auto-start.
|Enterprise||T1083||File and Directory Discovery|
|Enterprise||T1027||Obfuscated Files or Information||
StreamEx obfuscates some commands by using statically programmed fragments of strings when starting a DLL. It also uses a one-byte xor against 0x91 to encode configuration data.
|Enterprise||T1518||.001||Software Discovery: Security Software Discovery||
StreamEx has the ability to scan for security tools such as firewalls and antivirus tools.
|Enterprise||T1218||.011||System Binary Proxy Execution: Rundll32|
|Enterprise||T1082||System Information Discovery||
StreamEx has the ability to enumerate system information.