DealersChoice

DealersChoice is a Flash exploitation framework used by APT28. [1]

ID: S0243
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1203 | Exploitation for Client Execution | DealersChoice leverages vulnerable versions of Flash to perform execution.[1]
Enterprise | T1064 | Scripting | DealersChoice makes modifications to open-source scripts from GitHub and executes them on the victim’s machine.[1]
Enterprise | T1071 | Standard Application Layer Protocol | DealersChoice uses HTTP for communication with the C2 server.[1]

Groups

Groups that use this software:

APT28

References