STEELCORGI

Description

(FireEye) STEELCORGI is a packer for Linux ELF programs that uses key material from the executing environment to decrypt the payload. When first starting up, the malware expects to find up to four environment variables that contain numeric values. The malware uses the environment variable values as a key to decrypt additional data to be executed.

Names

Name
STEELCORGI

Type

Dropper

Information

https://www.mandiant.com/resources/live-off-the-land-an-overview-of-unc1945
https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/
https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/elf.steelcorgi

Other Information

Uuid

be20bbeb-da73-447b-9690-442052f15c7d

Last Card Change

2022-04-05

Threat Intelligence Garden

Explorer

STEELCORGI

STEELCORGI

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks