ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool CSPY Downloader

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: CSPY Downloader

NamesCSPY Downloader
CategoryMalware
TypeDownloader
Description(Cybereason) Upon analysis, the Nocturnus determined that winload.exe is a new type of a downloader, dubbed “CSPY” by Cybereason, that is packed with robust evasion techniques meant to ensure that the “coast is clear” and that the malware does not run in a context of a virtual machine or analysis tools before it continues to download secondary payloads.
Information<https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite>
MITRE ATT&CK<https://attack.mitre.org/software/S0527/>

Last change to this tool card: 30 December 2022

Download this tool card in JSON format

All groups using tool CSPY Downloader

ChangedNameCountryObserved

APT groups

 Kimsuky, Velvet ChollimaNorth Korea2012-Sep 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]