S0454 Cadelspy

Cadelspy is a backdoor that has been used by APT39.[1]

| Item | Value |
| --- | --- |
| ID | S0454 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 22 May 2020 |
| Last Modified | 29 May 2020 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1010 | Application Window Discovery | Cadelspy has the ability to identify open windows on the compromised host.[1] |
| enterprise | T1560 | Archive Collected Data | Cadelspy has the ability to compress stolen data into a .cab file.[1] |
| enterprise | T1123 | Audio Capture | Cadelspy has the ability to record audio from the compromised host.[1] |
| enterprise | T1115 | Clipboard Data | Cadelspy has the ability to steal data from the clipboard.[1] |
| enterprise | T1056 | Input Capture | - |
| enterprise | T1056.001 | Keylogging | Cadelspy has the ability to log keystrokes on the compromised host.[1] |
| enterprise | T1120 | Peripheral Device Discovery | Cadelspy has the ability to steal information about printers and the documents sent to printers.[1] |
| enterprise | T1113 | Screen Capture | Cadelspy has the ability to capture screenshots and webcam photos.[1] |
| enterprise | T1082 | System Information Discovery | Cadelspy has the ability to discover information about the compromised host.[1] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0087 | APT39 | [1] |

References