1. Home
  2. Software
  3. VaporRage

VaporRage

VaporRage is a shellcode downloader that has been used by APT29 since at least 2021.[1]

ID: S0636
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 04 August 2021
Last Modified: 04 August 2021
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1140 反混淆/解码文件或信息

VaporRage can deobfuscate XOR-encoded shellcode prior to execution.[1]
Enterprise T1071 .001 应用层协议: Web Protocols

VaporRage can use HTTP to download shellcode from compromised websites.[1]
Enterprise T1480 执行保护

VaporRage has the ability to check for the presence of a specific DLL and terminate if it is not found.[1]
Enterprise T1105 输入工具传输

VaporRage has the ability to download malicious shellcode to compromised systems.[1]

Groups That Use This Software

ID Name References
G0016 APT29

[1]

References

  1. MSTIC. (2021, May 28). Breaking down NOBELIUM’s latest early-stage toolset. Retrieved August 4, 2021.