DealersChoice is a Flash exploitation framework used by APT28.[1]

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | DealersChoice uses HTTP for communication with the C2 server.[1]
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | DealersChoice makes modifications to open-source scripts from GitHub and executes them on the victim’s machine.[1]
Enterprise | T1203 | Exploitation for Client Execution | DealersChoice leverages vulnerable versions of Flash to perform execution.[1]