SOFTWARE
Overview
3PARA RAT
4H RAT
adbupd
Adups
ADVSTORESHELL
Agent Tesla
Agent.btz
Allwinner
Android Overlay Malware
Android/Chuli.A
ANDROIDOS_ANSERVER.A
AndroRAT
Arp
ASPXSpy
Astaroth
at
AuditCred
AutoIt backdoor
Azorult
Backdoor.Oldrea
BACKSPACE
BADCALL
BADNEWS
BadPatch
Bandook
Bankshot
BBSRAT
BISCUIT
Bisonal
BITSAdmin
BLACKCOFFEE
BlackEnergy
BONDUPDATER
BOOTRASH
BrainTest
Brave Prince
Briba
BS2005
BUBBLEWRAP
Cachedump
CALENDAR
Calisto
CallMe
Cannon
Carbanak
Carbon
Cardinal RAT
Catchamas
CCBkdr
certutil
Chaos
Charger
ChChes
Cherry Picker
China Chopper
CHOPSTICK
CloudDuke
cmd
Cobalt Strike
Cobian RAT
CoinTicker
Comnie
ComRAT
CORALDECK
CORESHELL
CosmicDuke
CozyCar
Crimson
CrossRAT
DarkComet
Daserf
DDKONG
DealersChoice
Dendroid
Denis
Derusbi
Dipsind
DOGCALL
Dok
Downdelph
DownPaper
DressCode
Dridex
DroidJack
dsquery
DualToy
Duqu
DustySky
Dyre
Ebury
Elise
ELMER
Emissary
Emotet
Empire
Epic
EvilBunny
EvilGrab
Exaramel
Expand
FakeM
FALLCHILL
Felismus
FELIXROOT
Fgdump
Final1stspy
FinFisher
Flame
FLASHFLOOD
FlawedAmmyy
FlawedGrace
FLIPSIDE
Forfiles
FruitFly
FTP
Gazer
GeminiDuke
gh0st RAT
GLOOXMAIL
Gold Dragon
Gooligan
GravityRAT
GreyEnergy
gsecdump
H1N1
Hacking Team UEFI Rootkit
HALFBAKED
HAMMERTOSS
HAPPYWORK
HARDRAIN
Havij
HAWKBALL
hcdLoader
HDoor
Helminth
Hi-Zor
HiddenWasp
HIDEDRV
Hikit
HOMEFRY
HOPLIGHT
HTRAN
HTTPBrowser
httpclient
HummingBad
HummingWhale
Hydraq
HyperBro
ifconfig
iKitten
Impacket
InnaputRAT
InvisiMole
Invoke-PSImage
ipconfig
ISMInjector
Ixeshe
Janicab
JCry
JHUHUGIT
JPIN
jRAT
Judy
KARAE
Kasidet
Kazuar
KeyBoy
Keydnap
KEYMARBLE
KeyRaider
Koadic
Komplex
KOMPROGO
KONNI
Kwampirs
LaZagne
LightNeuron
Linfo
Linux Rabbit
LockerGoga
LoJax
LOWBALL
Lslsass
Lurid
MacSpy
Marcher
Matroyshka
MazarBOT
meek
Micropsia
Mimikatz
MimiPenguin
Miner-C
MiniDuke
MirageFox
Mis-Type
Misdat
Mivast
MobileOrder
MoonWind
More_eggs
Mosquito
MURKYTOP
Naid
NanHaiShu
NanoCore
NavRAT
nbtstat
NDiskMonitor
Nerex
Net
Net Crawler
NETEAGLE
netsh
netstat
NetTraveler
NETWIRE
Nidiran
njRAT
Nltest
NOKKI
NotCompatible
NotPetya
OBAD
OceanSalt
Octopus
OLDBAIT
OldBoot
Olympic Destroyer
OnionDuke
OopsIE
Orz
OSInfo
OSX_OCEANLOTUS.D
OwaAuth
P2P ZeuS
Pallas
Pasam
Pass-The-Hash Toolkit
Pegasus for Android
Pegasus for iOS
PHOREAL
PinchDuke
Ping
Pisloader
PJApps
PLAINTEE
PlugX
pngdowner
PoisonIvy
POORAIM
PoshC2
POSHSPY
Power Loader
PowerDuke
POWERSOURCE
PowerSploit
PowerStallion
POWERSTATS
POWERTON
POWRUNER
Prikormka
Proton
Proxysvc
PsExec
Psylo
Pteranodon
PUNCHBUGGY
PUNCHTRACK
Pupy
pwdump
QUADAGENT
QuasarRAT
RARSTONE
RATANKBA
RawDisk
RawPOS
RCSAndroid
Reaver
RedDrop
RedLeaves
Reg
Regin
Remcos
Remexi
RemoteCMD
Remsec
Responder
Revenge RAT
RGDoor
RIPTIDE
ROCKBOOT
RogueRobin
ROKRAT
route
Rover
RTM
Ruler
RuMMS
RunningRAT
S-Type
Sakula
SamSam
schtasks
SDelete
SeaDuke
Seasalt
SEASHARPEE
ServHelper
Shamoon
ShiftyBug
SHIPSHAPE
SHOTPUT
SHUTTERSPEED
Skeleton Key
Skygofree
SLOWDRIFT
Smoke Loader
SNUGRIDE
Socksbot
SOUNDBITE
SPACESHIP
SpeakUp
spwebmember
SpyDealer
SpyNote RAT
sqlmap
SQLRat
SslMM
Starloader
Stealth Mango
StoneDrill
StreamEx
Sykipot
SynAck
Sys10
Systeminfo
T9000
Taidoor
Tangelo
Tasklist
TDTESS
TEXTMATE
TINYTYPHON
TinyZBot
Tor
TrickBot
Trojan-SMS.AndroidOS.Agent.ao
Trojan-SMS.AndroidOS.FakeInst.a
Trojan-SMS.AndroidOS.OpFake.a
Trojan.Karagany
Trojan.Mebromi
Truvasys
TURNEDUP
Twitoor
TYPEFRAME
UACMe
UBoatRAT
Umbreon
Unknown Logger
UPPERCUT
Uroburos
Ursnif
USBStealer
Vasport
VERMIN
Volgmer
WannaCry
WEBC2
Wiarp
Windows Credential Editor
WINDSHIELD
WINERACK
Winexe
Wingbird
WinMM
Winnti
Wiper
WireLurker
X-Agent for Android
XAgentOSX
Xbash
Xbot
xCmd
XcodeGhost
XLoader
XTunnel
Yahoyah
YiSpecter
yty
Zebrocy
ZergHelper
Zeroaccess
ZeroT
Zeus Panda
ZLib
zwShell
Overview
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
adbupd
Adups
ADVSTORESHELL
Agent Tesla
Agent.btz
Allwinner
Android Overlay Malware
Android/Chuli.A
ANDROIDOS_ANSERVER.A
AndroRAT
Arp
ASPXSpy
Astaroth
at
AuditCred
AutoIt backdoor
Azorult
Backdoor.Oldrea
BACKSPACE
BADCALL
BADNEWS
BadPatch
Bandook
Bankshot
BBSRAT
BISCUIT
Bisonal
BITSAdmin
BLACKCOFFEE
BlackEnergy
BONDUPDATER
BOOTRASH
BrainTest
Brave Prince
Briba
BS2005
BUBBLEWRAP
Cachedump
CALENDAR
Calisto
CallMe
Cannon
Carbanak
Carbon
Cardinal RAT
Catchamas
CCBkdr
certutil
Chaos
Charger
ChChes
Cherry Picker
China Chopper
CHOPSTICK
CloudDuke
cmd
Cobalt Strike
Cobian RAT
CoinTicker
Comnie
ComRAT
CORALDECK
CORESHELL
CosmicDuke
CozyCar
Crimson
CrossRAT
DarkComet
Daserf
DDKONG
DealersChoice
Dendroid
Denis
Derusbi
Dipsind
DOGCALL
Dok
Downdelph
DownPaper
DressCode
Dridex
DroidJack
dsquery
DualToy
Duqu
DustySky
Dyre
Gazer
GeminiDuke
gh0st RAT
GLOOXMAIL
Gold Dragon
Gooligan
GravityRAT
GreyEnergy
gsecdump
H1N1
Hacking Team UEFI Rootkit
HALFBAKED
HAMMERTOSS
HAPPYWORK
HARDRAIN
Havij
HAWKBALL
hcdLoader
HDoor
Helminth
Hi-Zor
HiddenWasp
HIDEDRV
Hikit
HOMEFRY
HOPLIGHT
HTRAN
HTTPBrowser
httpclient
HummingBad
HummingWhale
Hydraq
HyperBro
MacSpy
Marcher
Matroyshka
MazarBOT
meek
Micropsia
Mimikatz
MimiPenguin
Miner-C
MiniDuke
MirageFox
Mis-Type
Misdat
Mivast
MobileOrder
MoonWind
More_eggs
Mosquito
MURKYTOP
Naid
NanHaiShu
NanoCore
NavRAT
nbtstat
NDiskMonitor
Nerex
Net
Net Crawler
NETEAGLE
netsh
netstat
NetTraveler
NETWIRE
Nidiran
njRAT
Nltest
NOKKI
NotCompatible
NotPetya
OBAD
OceanSalt
Octopus
OLDBAIT
OldBoot
Olympic Destroyer
OnionDuke
OopsIE
Orz
OSInfo
OSX_OCEANLOTUS.D
OwaAuth
P2P ZeuS
Pallas
Pasam
Pass-The-Hash Toolkit
Pegasus for Android
Pegasus for iOS
PHOREAL
PinchDuke
Ping
Pisloader
PJApps
PLAINTEE
PlugX
pngdowner
PoisonIvy
POORAIM
PoshC2
POSHSPY
Power Loader
PowerDuke
POWERSOURCE
PowerSploit
PowerStallion
POWERSTATS
POWERTON
POWRUNER
Prikormka
Proton
Proxysvc
PsExec
Psylo
Pteranodon
PUNCHBUGGY
PUNCHTRACK
Pupy
pwdump
S-Type
Sakula
SamSam
schtasks
SDelete
SeaDuke
Seasalt
SEASHARPEE
ServHelper
Shamoon
ShiftyBug
SHIPSHAPE
SHOTPUT
SHUTTERSPEED
Skeleton Key
Skygofree
SLOWDRIFT
Smoke Loader
SNUGRIDE
Socksbot
SOUNDBITE
SPACESHIP
SpeakUp
spwebmember
SpyDealer
SpyNote RAT
sqlmap
SQLRat
SslMM
Starloader
Stealth Mango
StoneDrill
StreamEx
Sykipot
SynAck
Sys10
Systeminfo
T9000
Taidoor
Tangelo
Tasklist
TDTESS
TEXTMATE
TINYTYPHON
TinyZBot
Tor
TrickBot
Trojan-SMS.AndroidOS.Agent.ao
Trojan-SMS.AndroidOS.FakeInst.a
Trojan-SMS.AndroidOS.OpFake.a
Trojan.Karagany
Trojan.Mebromi
Truvasys
TURNEDUP
Twitoor
TYPEFRAME
SPACESHIP
SPACESHIP is malware developed by APT30 that allows propagation and exfiltration of data over removable devices. APT30 may use this capability to exfiltrate data across air-gaps. [1]
ID: S0035
Type: MALWARE
Platforms: Windows
Version: 1.0
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1022 | Data Encrypted | Data SPACESHIP copies to the staging area is compressed with zlib. Bytes are rotated by four positions and XOR'ed with 0x23.[1] |
| Enterprise | T1074 | Data Staged | SPACESHIP identifies files with certain extensions and copies them to a directory in the user's profile.[1] |
| Enterprise | T1052 | Exfiltration Over Physical Medium | SPACESHIP copies staged data to removable drives when they are inserted into the system.[1] |
| Enterprise | T1083 | File and Directory Discovery | SPACESHIP identifies files and directories for collection by searching for specific file extensions or file modification time.[1] |
| Enterprise | T1060 | Registry Run Keys / Startup Folder | SPACESHIP achieves persistence by creating a shortcut in the current user's Startup folder.[1] |
| Enterprise | T1023 | Shortcut Modification | SPACESHIP achieves persistence by creating a shortcut in the current user's Startup folder.[1] |
Groups
Groups that use this software:
APT30