CORALDECK

CORALDECK is an exfiltration tool used by APT37. ^[1]

ID: S0212

ⓘ

Type: MALWARE

ⓘ

Platforms: Windows

Version: 1.1

Created: 18 April 2018

Last Modified: 30 March 2020

Techniques Used

Domain	ID		Name	Use
Enterprise	T1560	.001	归档收集数据: Archive via Utility	CORALDECK has created password-protected RAR, WinImage, and zip archives to be exfiltrated.^[1]
Enterprise	T1083		文件和目录发现	CORALDECK searches for specified files.^[1]
Enterprise	T1048	.003	替代协议渗出: Exfiltration Over Unencrypted Non-C2 Protocol	CORALDECK has exfiltrated data in HTTP POST headers.^[1]

ID	Name	References
G0067	APT37	^[1]