Cadelspy

Cadelspy is a backdoor that has been used by APT39.[1]

ID: S0454
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 22 May 2020
Last Modified: 29 May 2020

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1010 | Application Window Discovery | Cadelspy has the ability to identify open windows on the compromised host.[1] |
| Enterprise | T1560 | Archive Collected Data | Cadelspy has the ability to compress stolen data into a .cab file.[1] |
| Enterprise | T1123 | Audio Capture | Cadelspy has the ability to record audio from the compromised host.[1] |
| Enterprise | T1115 | Clipboard Data | Cadelspy has the ability to steal data from the clipboard.[1] |
| Enterprise | T1056.001 | Input Capture: Keylogging | Cadelspy has the ability to log keystrokes on the compromised host.[1] |
| Enterprise | T1120 | Peripheral Device Discovery | Cadelspy has the ability to steal information about printers and the documents sent to printers.[1] |
| Enterprise | T1113 | Screen Capture | Cadelspy has the ability to capture screenshots and webcam photos.[1] |
| Enterprise | T1082 | System Information Discovery | Cadelspy has the ability to discover information about the compromised host.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0087 | APT39 | [1] |

References