SOFTWARE
Aria-body
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. Cadelspy

Cadelspy

Cadelspy is a backdoor that has been used by APT39.[1]

ID: S0454
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 22 May 2020
Last Modified: 29 May 2020
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1010 Application Window Discovery

Cadelspy has the ability to identify open windows on the compromised host.[1]
Enterprise T1560 Archive Collected Data

Cadelspy has the ability to compress stolen data into a .cab file.[1]
Enterprise T1123 Audio Capture

Cadelspy has the ability to record audio from the compromised host.[1]
Enterprise T1115 Clipboard Data

Cadelspy has the ability to steal data from the clipboard.[1]
Enterprise T1056 .001 Input Capture: Keylogging

Cadelspy has the ability to log keystrokes on the compromised host.[1]
Enterprise T1120 Peripheral Device Discovery

Cadelspy has the ability to steal information about printers and the documents sent to printers.[1]
Enterprise T1113 Screen Capture

Cadelspy has the ability to capture screenshots and webcam photos.[1]
Enterprise T1082 System Information Discovery

Cadelspy has the ability to discover information about the compromised host.[1]

Groups That Use This Software

ID Name References
G0087 APT39

[1]

References

  1. Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. Retrieved April 17, 2019.