ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool CSPY Downloader

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: CSPY Downloader

NamesCSPY Downloader
CategoryMalware
TypeDownloader
Description(Cybereason) Upon analysis, the Nocturnus determined that winload.exe is a new type of a downloader, dubbed “CSPY” by Cybereason, that is packed with robust evasion techniques meant to ensure that the “coast is clear” and that the malware does not run in a context of a virtual machine or analysis tools before it continues to download secondary payloads.
Information<https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite>

Last change to this tool card: 05 January 2021

Download this tool card in JSON format

All groups using tool CSPY Downloader

ChangedNameCountryObserved

APT groups

 Kimsuky, Velvet ChollimaNorth Korea2012-Mar 2020X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key