S0454 Cadelspy
Cadelspy is a backdoor that has been used by APT39.[1]
| Item | Value |
|---|---|
| ID | S0454 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 22 May 2020 |
| Last Modified | 29 May 2020 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1010 | Application Window Discovery | Cadelspy has the ability to identify open windows on the compromised host.[1] |
| enterprise | T1560 | Archive Collected Data | Cadelspy has the ability to compress stolen data into a .cab file.[1] |
| enterprise | T1123 | Audio Capture | Cadelspy has the ability to record audio from the compromised host.[1] |
| enterprise | T1115 | Clipboard Data | Cadelspy has the ability to steal data from the clipboard.[1] |
| enterprise | T1056 | Input Capture | - |
| enterprise | T1056.001 | Keylogging | Cadelspy has the ability to log keystrokes on the compromised host.[1] |
| enterprise | T1120 | Peripheral Device Discovery | Cadelspy has the ability to steal information about printers and the documents sent to printers.[1] |
| enterprise | T1113 | Screen Capture | Cadelspy has the ability to capture screenshots and webcam photos.[1] |
| enterprise | T1082 | System Information Discovery | Cadelspy has the ability to discover information about the compromised host.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0087 | APT39 | [1] |