Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:21:39 UTC
Home > List all groups > List all tools > List all groups using tool STEELCORGI
 Tool: STEELCORGI
Names STEELCORGI
Category Malware
Type Dropper
Description
(FireEye) STEELCORGI is a packer for Linux ELF programs that uses key material from the
executing environment to decrypt the payload. When first starting up, the malware expects to
find up to four environment variables that contain numeric values. The malware uses the
environment variable values as a key to decrypt additional data to be executed.
Information
Malpedia Last change to this tool card: 05 April 2022
Download this tool card in JSON format
All groups using tool STEELCORGI
Changed Name Country Observed
APT groups
 LightBasin 2016
 UNC2891 [Unknown] 2020
2 groups listed (2 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=be20bbeb-da73-447b-9690-442052f15c7d
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=be20bbeb-da73-447b-9690-442052f15c7d
Page 1 of 1