Skip to content

S0188 Starloader

Starloader is a loader component that has been observed loading Felismus and associated tools. 1

Item Value
ID S0188
Associated Names
Type MALWARE
Version 1.1
Created 16 January 2018
Last Modified 18 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1140 Deobfuscate/Decode Files or Information Starloader decrypts and executes shellcode from a file called Stars.jps.1
enterprise T1036 Masquerading -
enterprise T1036.005 Match Legitimate Name or Location Starloader has masqueraded as legitimate software update packages such as Adobe Acrobat Reader and Intel.1

Groups That Use This Software

ID Name References
G0054 Sowbug 1

References