Final1stspy

Final1stspy is a dropper family that has been used to deliver DOGCALL.[1]

ID: S0355
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | Final1stspy uses Python code to deobfuscate base64-encoded strings.[1] |
| Enterprise | T1027 | Obfuscated Files or Information | Final1stspy obfuscates strings with base64 encoding.[1] |
| Enterprise | T1057 | Process Discovery | Final1stspy obtains a list of running processes.[1] |
| Enterprise | T1060 | Registry Run Keys / Startup Folder | Final1stspy creates a Registry Run key to establish persistence.[1] |
| Enterprise | T1071 | Standard Application Layer Protocol | Final1stspy uses HTTP for C2.[1] |
| Enterprise | T1082 | System Information Discovery | Final1stspy obtains victim Microsoft Windows version information and CPU architecture.[1] |

Groups

Groups that use this software:

APT37

References