StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86)

StreamEx is a malware family that has been used by Deep Panda since at least 2015. In 2016, it was distributed via legitimate compromised Korean websites. (Citation: Cylance Shell Crew Feb 2017)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| StreamEx (9991ace8-1a62-498c-a9ef-19d474deb505) | Tool | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | StreamEx - S0142 (91000a8a-58cc-4aba-9ad0-993ad6302b86) | Malware | 1 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 2 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |