Cadelspy

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

Cadelspy is a type of malware that has recently been infecting computers, compromising their security and stealing sensitive data. The malware infiltrates the system as a dropper, downloading two installer components based on whether the victim's system is 32-bit or 64-bit. Once inside, it executes the appropriate installer, launching its malicious payload and enabling it to run whenever any Windows program is executed. Cadelspy's main payload includes backdoor functionality, which allows it to perform various threatening activities. Our telemetry data indicates that more than a dozen entities have experienced infections from both Cadelspy and another malware, Remexi. These infections occurred within a close time frame, suggesting a coordinated attack. Interestingly, four of these entities were compromised with both threats at some point. One notable case involved a system running a SIM card editing application, which was infected with both Cadelspy and Remexi. Cadelspy operates by compressing all stolen data into a .cab file and uploading it to the attacker’s Command & Control (C&C) servers. This method of operation poses significant risks to the confidentiality and integrity of the infected systems' data. In comparison, Chafer’s threat Remexi contains fewer features than Cadelle’s Cadelspy, but it still poses a substantial threat to cybersecurity. Therefore, it is crucial for organizations to take necessary precautions to safeguard their systems against these types of malware.

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Dropper

Payload

Windows

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Remexi	Unspecified	1	Remexi is a malware that was first reported by Symantec in 2015, being used by Iran-based attackers for cyber espionage operations in the Middle East. Developed using the C programming language and GCC compiler on Windows in the MinGW environment, Remexi is a backdoor Trojan that enables attackers t

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Chafer	Unspecified	1	Chafer, also known as APT39 or Helix Kitten, is an Advanced Persistent Threat (APT) actor linked to Iran and has been actively tracked by cybersecurity firms such as Symantec and FireEye for over four years. Chafer's activities primarily involve utilizing open-source tools to target entities perceiv

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Cadelspy Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
MITRE	a year ago	Endpoint Protection - Symantec Enterprise