StreamEx is a malware family that has been used by Deep Panda since at least 2015. In 2016, it was distributed via legitimate compromised Korean websites. [1]

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1112 | Modify Registry | |
| Enterprise | T1543.003 | Create or Modify System Process: Windows Service | StreamEx establishes persistence by installing a new service pointing to its DLL and setting the service to auto-start.[1] |
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | |
| Enterprise | T1083 | File and Directory Discovery | |
| Enterprise | T1027 | Obfuscated Files or Information | StreamEx obfuscates some commands by using statically programmed fragments of strings when starting a DLL. It also uses a one-byte XOR against 0x91 to encode configuration data.[1] |
| Enterprise | T1218.011 | System Binary Proxy Execution: Rundll32 | |
| Enterprise | T1082 | System Information Discovery | StreamEx has the ability to enumerate system information.[1] |
| Enterprise | T1518.001 | Software Discovery: Security Software Discovery | StreamEx has the ability to scan for security tools such as firewalls and antivirus tools.[1] |
| Enterprise | T1057 | Process Discovery | |

| ID | Name | References |
|---|---|---|
| G0009 | Deep Panda | |