Software: StreamEx

From ATT&CK
StreamEx (Software)
ID: S0142
Aliases: StreamEx
Type: Malware

StreamEx is a malware family that has been used by Deep Panda since at least 2015. In 2016, it was distributed via compromised legitimate Korean websites.[1]

Techniques Used

  • New Service - StreamEx establishes persistence by installing a new service that points to its DLL and setting the service to auto-start.[1]
  • Rundll32 - StreamEx uses rundll32 to call an exported function.[1]
  • Obfuscated Files or Information - StreamEx obfuscates some commands by assembling them from statically programmed string fragments when starting a DLL. It also encodes configuration data with a one-byte XOR against 0x91.[1]
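
For triage of a suspect file, the one-byte XOR described above can be checked with the following added example, which is not part of the ATT&CK entry and is not StreamEx code. It reports byte runs that decode to printable ASCII under key 0x91; the minimum run length, the distinct-byte filter and the sample buffer are assumptions made for the example, since the entry states only the key and not the configuration layout.

```python
import re

XOR_KEY = 0x91      # key stated in the entry above
MIN_LEN = 6         # assumption: shortest decoded run worth reporting
MIN_DISTINCT = 4    # assumption: drops padding such as 0xFF runs ("nnnn...")

def xor_decode(data: bytes, key: int = XOR_KEY) -> bytes:
    """Single-byte XOR; the same call encodes and decodes."""
    return bytes(b ^ key for b in data)

def find_encoded_strings(blob: bytes, key: int = XOR_KEY):
    """Return (offset, text) for byte runs that decode to printable ASCII."""
    decoded = xor_decode(blob, key)
    hits = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % MIN_LEN, decoded):
        run = m.group()
        if len(set(run)) < MIN_DISTINCT:
            continue  # low-diversity run: almost certainly filler, not config
        hits.append((m.start(), run.decode("ascii")))
    return hits

# Constructed sample buffer (not taken from any real StreamEx file).
SAMPLE = (
    b"MZ\x90\x00"                                # header-like bytes
    + b"\xff" * 12                               # padding that decodes to "n" * 12
    + b"\x00" * 4
    + xor_decode(b"update.example.test:443")     # constructed encoded value
    + b"\x00" * 4
    + b"plain text is not a hit"                 # unencoded text decodes to high bytes
    + b"\x00"
    + xor_decode(b"svc=ExampleSvc")              # constructed encoded value
    + b"\x00" * 2
)

if __name__ == "__main__":
    for offset, text in find_encoded_strings(SAMPLE):
        print(f"0x{offset:04x}  {text}")
```

Plain ASCII in the file never shows up as a hit because XOR with 0x91 moves it into the 0xB1 to 0xEF range, so any output is worth a closer look.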

Groups

The following groups use this software: