 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: STEELCORGI| Names | STEELCORGI | |
| Category | Malware | |
| Type | Dropper | |
| Description | (FireEye) STEELCORGI is a packer for Linux ELF programs that uses key material from the executing environment to decrypt the payload. When first starting up, the malware expects to find up to four environment variables that contain numeric values. The malware uses the environment variable values as a key to decrypt additional data to be executed. | |
| Information | <https://www.mandiant.com/resources/live-off-the-land-an-overview-of-unc1945> <https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/> <https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/elf.steelcorgi> | |
Last change to this tool card: 05 April 2022
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| LightBasin | [Unknown] | 2016 | |||
| UNC2891 | [Unknown] | 2020 | |||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |