StreamEx is a malware family that has been used by Deep Panda since at least 2015. In 2016, it was distributed via compromised legitimate Korean websites. [1]

ID: S0142
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059 | Command-Line Interface | StreamEx has the ability to remotely execute commands.[1] |
| Enterprise | T1083 | File and Directory Discovery | StreamEx has the ability to enumerate drive types.[1] |
| Enterprise | T1112 | Modify Registry | StreamEx has the ability to modify the Registry.[1] |
| Enterprise | T1050 | New Service | StreamEx establishes persistence by installing a new service pointing to its DLL and setting the service to auto-start.[1] |
| Enterprise | T1027 | Obfuscated Files or Information | StreamEx obfuscates some commands by using statically programmed fragments of strings when starting a DLL. It also uses a one-byte xor against 0x91 to encode configuration data.[1] |
| Enterprise | T1057 | Process Discovery | StreamEx has the ability to enumerate processes.[1] |
| Enterprise | T1085 | Rundll32 | StreamEx uses rundll32 to call an exported function.[1] |
| Enterprise | T1063 | Security Software Discovery | StreamEx has the ability to scan for security tools such as firewalls and antivirus tools.[1] |
| Enterprise | T1082 | System Information Discovery | StreamEx has the ability to enumerate system information.[1] |
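
For analysts triaging a suspect file, the one-byte XOR against 0x91 noted under T1027 can be checked with a string scan like the following. This is an added example, not code from this page or its cited report; the function names, the sample blob and the configuration strings in it are constructed for illustration.

```python
XOR_KEY = 0x91  # single-byte key this page gives for StreamEx configuration data


def xor_encode(text: str, key: int = XOR_KEY) -> bytes:
    """Encode ASCII text with a one-byte XOR (used only to build the sample)."""
    return bytes(c ^ key for c in text.encode("ascii"))


def find_xor_strings(blob: bytes, key: int = XOR_KEY, min_len: int = 6):
    """Return (offset, text) for each run of bytes that decodes under `key`
    to at least `min_len` printable ASCII characters."""
    hits, start, run = [], None, bytearray()
    # The appended byte decodes to 0x00 and flushes a run that ends the blob.
    for i, b in enumerate(blob + bytes([key])):
        ch = b ^ key
        if 0x20 <= ch <= 0x7E:
            if start is None:
                start = i
            run.append(ch)
            continue
        if start is not None and len(run) >= min_len:
            hits.append((start, run.decode("ascii")))
        start, run = None, bytearray()
    return hits


# Constructed sample: cleartext header bytes followed by two encoded,
# NUL-terminated settings (an encoded NUL is the key byte itself, 0x91).
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00" + b"This program cannot be run in DOS mode."
    + b"\x00" * 8
    + xor_encode("server=update.example.invalid:443") + bytes([XOR_KEY])
    + xor_encode("service=ExampleSvc") + bytes([XOR_KEY])
    + b"\x00\x01\x02\x03"
)

if __name__ == "__main__":
    for offset, text in find_xor_strings(SAMPLE_BLOB):
        print(f"0x{offset:04x}  {text}")
```

Because 0x91 has its high bit set, ordinary cleartext ASCII never decodes to printable characters under this key, so hits come only from bytes in the range 0xB1 to 0xEF; compressed or encrypted regions can still produce short false positives, which `min_len` reduces.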


Groups that use this software:

Deep Panda