CORESHELL

Description

CORESHELL is a downloader used by APT28. The older versions of this malware are known as SOURFACE and newer versions as CORESHELL.

Names

Name
CORESHELL
SOURFACE
Sofacy

Category

Malware

Type

• Downloader

Information

• https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
• https://contagiodump.blogspot.de/2017/02/russian-apt-apt28-collection-of-samples.html
• http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware.html
• http://malware.prevenity.com/2014/08/malware-info.html

Mitre Attack

• https://attack.mitre.org/software/S0137/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.coreshell

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:coreshell

Other Information

Uuid

d4ba1992-de1d-4c94-941d-454e3f3fd249

Last Card Change

2020-05-13