ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool CSPY Downloader

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: CSPY Downloader

NamesCSPY Downloader
Description(Cybereason) Upon analysis, the Nocturnus determined that winload.exe is a new type of a downloader, dubbed “CSPY” by Cybereason, that is packed with robust evasion techniques meant to ensure that the “coast is clear” and that the malware does not run in a context of a virtual machine or analysis tools before it continues to download secondary payloads.

Last change to this tool card: 05 January 2021

Download this tool card in JSON format

All groups using tool CSPY Downloader


APT groups

 Kimsuky, Velvet ChollimaNorth Korea2012-Jan 2022X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]