CORALDECK
Description
(FireEye) CORALDECK is an exfiltration tool that searches for specified files and exfiltrates them in password-protected archives using hardcoded HTTP POST headers. CORALDECK has been observed dropping and using WinRAR to exfiltrate data in password-protected RAR files as well as WinImage and zip archives.
Names
Name |
---|
CORALDECK |
Category
Malware
Type
- Exfiltration
- Dropper
Information
Mitre Attack
Other Information
Uuid
bb2028cf-4303-4bc2-8dc7-3499f3d2f705
Last Card Change
2020-04-22