Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:25:29 UTC
Home > List all groups > List all tools > List all groups using tool SHUTTERSPEED
 Tool: SHUTTERSPEED
Names SHUTTERSPEED
Category Malware
Type Reconnaissance, Backdoor, Info stealer
Description
(FireEye) SHUTTERSPEED is a backdoor that can collect system information, acquire
screenshots, and download/execute an arbitrary executable. SHUTTERSPEED typically
requires an argument at runtime in order to execute fully. Observed arguments used by
SHUTTERSPEED include: 'help', 'console', and 'sample'.
The spear phishing email messages contained documents exploiting RTF vulnerability
CVE-2017-0199.
Many of the compromised domains in the command and control infrastructure are linked
to South Korean companies. Most of these domains host a fake webpage pertinent to
targets.
Information MITRE ATT&CK Last change to this tool card: 23 April 2020
Download this tool card in JSON format
All groups using tool SHUTTERSPEED
Changed Name Country Observed
APT groups
 Reaper, APT 37, Ricochet Chollima, ScarCruft 2012-Mar 2025
1 group listed (1 APT, 0 other, 0 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3745f067-1087-4e50-9797-3424e17781a0
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3745f067-1087-4e50-9797-3424e17781a0
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3745f067-1087-4e50-9797-3424e17781a0
Page 2 of 2