T6-24-02-S-E-DEGN
Spyware (Tedy)
Spyware is malicious software installed without the user's consent to collect personal information or monitor computer activities. It typically gathers sensitive data such as web browsing history, passwords, and credit card details, transmitting them to third parties and compromising privacy. Spyware often infiltrates systems during the installation of free software or through malicious links and email attachments. Signs of spyware infection include reduced system performance, increased pop-up ads, and unusual network traffic. To prevent it, avoid untrusted software, keep security software updated regularly, and refrain from clicking on suspicious links.
This spyware was detected on VirusTotal on 2024-12-02.
The main features are as follows:
1. Excludes itself from Windows Defender file scans
2. Uses a PowerShell script
| | OS | IP | Software | Log collection time | Program runtime |
|---|---|---|---|---|---|
| Attacker | - | - | - | 30 sec | 80 sec |
| Victim | Windows 10 | 192.168.56.112 | - | | |
Installing
python3 -m pip install rich pyfiglet
Using
python3 run.py
MITRE ATT&CK Framework
Attack Tactic
Reconnaissance
Resource Development
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Logs
./log/2024_02_T6_{time}.evtx # YYmmdd_HHMMSS
References
[1] ESTSECURITY [No.181 2024.10 ESRC Security Trends Report]
[2] VirusTotal [28AB56D70469C88E4DDE1241C1A2F742202757D4C7AC5259C4308DDD74337045]
[3] CTX [28AB56D70469C88E4DDE1241C1A2F742202757D4C7AC5259C4308DDD74337045]
Copyright(C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.