CSPY Downloader

Description

(Cybereason) Upon analysis, the Nocturnus determined that winload.exe is a new type of downloader, dubbed “CSPY” by Cybereason, that is packed with robust evasion techniques meant to ensure that the “coast is clear” and that the malware does not run in the context of a virtual machine or analysis tools before it continues to download secondary payloads.

Names

Name
CSPY Downloader

Category

Malware

Type

  • Downloader

Information

Mitre Attack

Other Information

Uuid

1ac999c3-fa3d-40ea-a79d-3b1a05d6dd25

Last Card Change

2022-12-30