StreamEx
StreamEx is a malware family that has been used by Deep Panda since at least 2015. In 2016, it was distributed via compromised legitimate Korean websites. [1]
ID: S0142
Aliases: StreamEx
Type: MALWARE
Platforms: Windows
Version: 1.0
Alias Descriptions
Name | Description |
---|---|
StreamEx | [1] |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059 | Command-Line Interface | StreamEx has the ability to remotely execute commands.[1] |
Enterprise | T1083 | File and Directory Discovery | StreamEx has the ability to enumerate drive types.[1] |
Enterprise | T1112 | Modify Registry | StreamEx has the ability to modify the Registry.[1] |
Enterprise | T1050 | New Service | StreamEx establishes persistence by installing a new service pointing to its DLL and setting the service to auto-start.[1] |
Enterprise | T1027 | Obfuscated Files or Information | StreamEx obfuscates some commands by using statically programmed fragments of strings when starting a DLL. It also uses a one-byte XOR against 0x91 to encode configuration data.[1] |
Enterprise | T1057 | Process Discovery | StreamEx has the ability to enumerate processes.[1] |
Enterprise | T1085 | Rundll32 | StreamEx uses rundll32 to call an exported function.[1] |
Enterprise | T1063 | Security Software Discovery | StreamEx has the ability to scan for security tools such as firewalls and antivirus tools.[1] |
Enterprise | T1082 | System Information Discovery | StreamEx has the ability to enumerate system information.[1] |
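
Because the T1027 entry above gives a fixed one-byte XOR key (0x91), an analyst triaging a suspect file can recover encoded configuration strings with a `strings`-style pass over the XOR-decoded bytes. The following is an added example, not code from the cited report: the function names, the sample blob and the configuration string in it are constructed for illustration, and the real configuration layout is not described on this page.

```python
import re

STREAMEX_XOR_KEY = 0x91  # key value stated in the T1027 row above


def xor_bytes(data: bytes, key: int = STREAMEX_XOR_KEY) -> bytes:
    """XOR every byte with a single-byte key (encoding and decoding are the same)."""
    return bytes(b ^ key for b in data)


def xor_strings(blob: bytes, key: int = STREAMEX_XOR_KEY, min_len: int = 6):
    """Return (offset, text) for each printable ASCII run that only appears
    after XOR-decoding the blob. Offsets refer to the original blob."""
    decoded = xor_bytes(blob, key)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(decoded)]


# Constructed sample: a fake header, filler bytes, an XOR-0x91 encoded
# configuration string (hypothetical format), and some plaintext that must
# NOT be reported because it is not encoded.
SAMPLE_CONFIG = b"host=c2.example.invalid;port=443"
SAMPLE_BLOB = (
    b"MZ\x90\x00"
    + bytes(range(16))
    + xor_bytes(SAMPLE_CONFIG)
    + b"\x00\x00"
    + b"plain text here"
)

if __name__ == "__main__":
    for offset, text in xor_strings(SAMPLE_BLOB):
        print(f"0x{offset:04x}  {text}")
```

Short runs are discarded by `min_len` to limit noise; raise it when scanning large binaries.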
Groups
Groups that use this software:
Deep Panda