According to FireEye, STEELCORGI is a packer for Linux ELF files that makes use of execution guardrails by sourcing decryption key material from environment variables.
Have Your Cake and Eat it Too? An Overview of UNC2891
SLAPSTICK STEELCORGI LightBasin
Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife
Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
There is no YARA signature yet.