Skip to content

S0243 DealersChoice

DealersChoice is a Flash exploitation framework used by APT28. 1

Item Value
ID S0243
Associated Names
Type MALWARE
Version 1.1
Created 17 October 2018
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1071 Application Layer Protocol -
enterprise T1071.001 Web Protocols DealersChoice uses HTTP for communication with the C2 server.1
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell DealersChoice makes modifications to open-source scripts from GitHub and executes them on the victim’s machine.1
enterprise T1203 Exploitation for Client Execution DealersChoice leverages vulnerable versions of Flash to perform execution.1

Groups That Use This Software

ID Name References
G0007 APT28 12

References