1. Home
  2. Software
  3. Cadelspy

Cadelspy

Cadelspy is a backdoor that has been used by APT39.[1]

ID: S0454
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 22 May 2020
Last Modified: 29 May 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1010 Application Window Discovery

Cadelspy has the ability to identify open windows on the compromised host.[1]
Enterprise T1560 Archive Collected Data

Cadelspy has the ability to compress stolen data into a .cab file.[1]
Enterprise T1123 Audio Capture

Cadelspy has the ability to record audio from the compromised host.[1]
Enterprise T1115 Clipboard Data

Cadelspy has the ability to steal data from the clipboard.[1]
Enterprise T1056 .001 Input Capture: Keylogging

Cadelspy has the ability to log keystrokes on the compromised host.[1]
Enterprise T1120 Peripheral Device Discovery

Cadelspy has the ability to steal information about printers and the documents sent to printers.[1]
Enterprise T1113 Screen Capture

Cadelspy has the ability to capture screenshots and webcam photos.[1]
Enterprise T1082 System Information Discovery

Cadelspy has the ability to discover information about the compromised host.[1]

Groups That Use This Software

ID Name References
G0087 APT39

[1]

References

  1. Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. Retrieved April 17, 2019.