S0023 CHOPSTICK
ATT&CK 14.1
Description
[CHOPSTICK](https://attack.mitre.org/software/S0023) is a malware family of modular backdoors used by [APT28](https://attack.mitre.org/groups/G0007). It has been used since at least 2012 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases. It has both Windows and Linux variants. (Citation: FireEye APT28) (Citation: ESET Sednit Part 2) (Citation: FireEye APT28 January 2017) (Citation: DOJ GRU Indictment Jul 2018) It is tracked separately from the [X-Agent for Android](https://attack.mitre.org/software/S0314).
Platforms: Windows, Linux
Attributed to
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Group | APT28 (G0007) | 100% | live |
References
- https://attack.mitre.org/software/S0023
- http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
- https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf
- https://web.archive.org/web/20151022204649/https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
- https://www.justice.gov/file/1080281/download
- https://www.symantec.com/blogs/election-security/apt28-espionage-military-government