SHUTTERSPEED

Description

(FireEye) SHUTTERSPEED is a backdoor that can collect system information, acquire screenshots, and download/execute an arbitrary executable. SHUTTERSPEED typically requires an argument at runtime in order to execute fully. Observed arguments used by SHUTTERSPEED include: ‘help’, ‘console’, and ‘sample’. The spear phishing email messages contained documents exploiting RTF vulnerability CVE-2017-0199.

Many of the compromised domains in the command and control infrastructure are linked to South Korean companies. Most of these domains host a fake webpage pertinent to targets.

Names

Name
SHUTTERSPEED

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer

Other Information

Uuid

3745f067-1087-4e50-9797-3424e17781a0

Last Card Change

2020-04-23