dneSpy

Description

DneSpy collects information, takes screenshots, and downloads and executes the latest version of other malicious components in the infected system. The malware is designed to receive a “policy” file in JSON format with all the commands to execute. The policy file sent by the C&C server can be changed and updated over time, making dneSpy flexible and well-designed. The output of each executed command is zipped, encrypted, and exfiltrated to the C&C server. These characteristics make dneSpy a fully functional espionage backdoor.

Names

Name
dneSpy

Type

Backdoor
Info stealer
Exfiltration

Information

https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html
https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.dnespy

Other Information

Uuid

1be82a99-1719-48c3-a640-e93743a4c823

Last Card Change

2022-12-29

Threat Intelligence Garden

Explorer

dneSpy

dneSpy

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks