Software: StreamEx

From enterprise
Jump to: navigation, search
ID S0142
Aliases StreamEx
Type Malware
Platform Windows

StreamEx is a malware family that has been used by Deep Panda since at least 2015. In 2016, it was distributed via legitimate compromised Korean websites.1

Alias Descriptions

  • StreamEx - 1

Techniques Used

  • New Service - StreamEx establishes persistence by installing a new service pointing to its DLL and setting the service to auto-start.1
  • Rundll32 - StreamEx uses rundll32 to call an exported function.1
  • Obfuscated Files or Information - StreamEx obfuscates some commands by using statically programmed fragments of strings when starting a DLL. It also uses a one-byte xor against 0x91 to encode configuration data.1


The following groups use this software: