
S0137 CORESHELL

Platforms: 1 | ATT&CK: 14.1 | References: 4

Description

[CORESHELL](https://attack.mitre.org/software/S0137) is a downloader used by [APT28](https://attack.mitre.org/groups/G0007). The older versions of this malware are known as SOURFACE and newer versions as CORESHELL. (Citation: FireEye APT28) (Citation: FireEye APT28 January 2017) Documented platforms: Windows. Attributed to ATT&CK group: APT28. Catalogued in ATT&CK 14.1. 4 references curated.

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Group | APT28 g0007 | 100% | live |

References

  1. https://attack.mitre.org/software/S0137
  2. https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf
  3. https://web.archive.org/web/20151022204649/https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
  4. https://securelist.com/a-slice-of-2017-sofacy-activity/83930/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Software: SOURFACE
  2. Software: SoreFang
  3. Software: CORALDECK
  4. Software: Downdelph
  5. Software: SHIPSHAPE
  6. Software: PHOREAL

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.