Starloader
Starloader is a loader component that has been observed loading Felismus and associated tools. [1]
ID: S0188
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Contributors: Alan Neville, @abnev
Version: 1.1
Created: 16 January 2018
Last Modified: 18 March 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1036 | .005 | 伪装: Match Legitimate Name or Location |
Starloader has masqueraded as legitimate software update packages such as Adobe Acrobat Reader and Intel.[1] |
| Enterprise | T1140 | 反混淆/解码文件或信息 |
Starloader decrypts and executes shellcode from a file called Stars.jps.[1] |
|