Kerrdown

Kerrdown is a downloader used by APT32 to install spyware from a server on the victim's network.[1]

ID: S0585
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 02 March 2021
Last Modified: 02 March 2021

Techniques Used

Domain ID Name Use
Enterprise T1570 Lateral Tool Transfer

Kerrdown can download additional software including Cobalt Strike from servers on the victim's network.[1]

Enterprise T1566 .002 Phishing: Spearphishing Link

Kerrdown has been distributed via e-mails containing a malicious link.[1]

Enterprise T1566 .001 Phishing: Spearphishing Attachment

Kerrdown has been distributed through malicious e-mail attachments.[1]

Enterprise T1204 .001 User Execution: Malicious Link

Kerrdown has gained execution through victims opening malicious links.[1]

Enterprise T1204 .002 User Execution: Malicious File

Kerrdown has gained execution through victims opening malicious files.[1]

References