 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: dneSpy| Names | dneSpy | |
| Category | Malware | |
| Type | Backdoor, Info stealer, Exfiltration | |
| Description | DneSpy collects information, takes screenshots, and downloads and executes the latest version of other malicious components in the infected system. The malware is designed to receive a “policy” file in JSON format with all the commands to execute. The policy file sent by the C&C server can be changed and updated over time, making dneSpy flexible and well-designed. The output of each executed command is zipped, encrypted, and exfiltrated to the C&C server. These characteristics make dneSpy a fully functional espionage backdoor. | |
| Information | <https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html> <https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.dnespy> | |
Last change to this tool card: 29 December 2022
Download this tool card in JSON format
Previous: dmsSpy
Next: DNSExfitrator
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Operation Earth Kitsune |  | 2019-Late 2022 | |||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |