1. Home
  2. Software
  3. DealersChoice

DealersChoice

DealersChoice is a Flash exploitation framework used by APT28. [1]

ID: S0243
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 17 October 2018
Last Modified: 30 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1059 .003 命令与脚本解释器: Windows Command Shell

DealersChoice makes modifications to open-source scripts from GitHub and executes them on the victim’s machine.[1]
Enterprise T1203 客户端执行漏洞利用

DealersChoice leverages vulnerable versions of Flash to perform execution.[1]
Enterprise T1071 .001 应用层协议: Web Protocols

DealersChoice uses HTTP for communication with the C2 server.[1]

Groups That Use This Software

ID Name References
G0007 APT28

[1][2]

References

  1. Falcone, R. (2018, March 15). Sofacy Uses DealersChoice to Target European Government Agency. Retrieved June 4, 2018.
  1. Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. Retrieved February 28, 2022.