CORALDECK

CORALDECK is an exfiltration tool used by ScarCruft. [1]

ID: S0212
Aliases: CORALDECK
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

Name | Description
CORALDECK | [1]

Techniques Used

Domain | ID | Name | Use
Enterprise | T1002 | Data Compressed | CORALDECK has created password-protected RAR, WinImage, and zip archives to be exfiltrated.[1]
Enterprise | T1022 | Data Encrypted | CORALDECK has created password-protected RAR, WinImage, and zip archives to be exfiltrated.[1]
Enterprise | T1083 | File and Directory Discovery | CORALDECK searches for specified files.[1]
Enterprise | T1071 | Standard Application Layer Protocol | CORALDECK has exfiltrated data in HTTP POST headers.[1]

Groups

Groups that use this software:

APT37

References