agfSpy

Description

The agfSpy backdoor retrieves configuration and commands from its C&C server. These commands allow the backdoor to execute shell commands and send the execution results back to the server. It also enumerates directories and can list, upload, download, and execute files, among other functions. The capabilities of agfSpy are very similar to dneSpy, except each backdoor uses a different C&C server and various formats in message exchanges.

Names

Name
agfSpy

Category

Malware

Type

• Backdoor

Information

• https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.agfspy

Other Information

Uuid

20206555-8dd2-4fbe-b878-7edba075b872

Last Card Change

2022-12-29