ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool StreamEx

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: StreamEx

NamesStreamEx
CategoryMalware
TypeReconnaissance, Backdoor
Description(Cylance) Cylance dubbed this family of malware StreamEx, based upon a common exported function used across all samples ‘stream’, combined with the dropper functionality to append ‘ex’ to the DLL file name.

The StreamEx family has the ability to access and modify the user’s file system, modify the registry, create system services, enumerate process and system information, enumerate network resources and drive types, scan for security tools such as firewall products and antivirus products, change browser security settings, and remotely execute commands. The malware documented in this post was predominantly 64-bit, however, there are 32-bit versions of the malware in the wild.
Information<https://threatvector.cylance.com/en_us/home/shell-crew-variants-continue-to-fly-under-big-avs-radar.html>
MITRE ATT&CK<https://attack.mitre.org/software/S0142/>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:StreamEx>

Last change to this tool card: 22 April 2020

Download this tool card in JSON format

Previous: StoneDrill
Next: StrongPity

All groups using tool StreamEx

ChangedNameCountryObserved

APT groups

XTurbine Panda, APT 26, Shell Crew, WebMasters, KungFu KittensChina2010-Oct 2018X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key