Tool: CSPY Downloader

Description

[CSPY Downloader](https://attack.mitre.org/software/S0527) is a tool designed to evade analysis and download additional payloads used by [Kimsuky](https://attack.mitre.org/groups/G0094).(Citation: Cybereason Kimsuky November 2020)

External References

• mitre-attack
• Cybereason Kimsuky November 2020

Techniques Used by This Tool

• T1027.002 — Software Packing
• T1036.004 — Masquerade Task or Service
• T1053.005 — Scheduled Task
• T1070 — Indicator Removal
• T1070.004 — File Deletion
• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1112 — Modify Registry
• T1204.002 — Malicious File
• T1497.001 — System Checks
• T1548.002 — Bypass User Account Control
• T1553.002 — Code Signing

APT Groups Using This Tool

• Kimsuky