XDSpy, an indeterminate origin threat actor, used spear-phishing emails to deploy malware modules like XDDown, gathering system information and exfiltrating files.
Recent attacks by XDSpy involved phishing emails with agreement-related lures, spreading a malicious DLL file executed through DLL side-loading to deploy DSDownloader.
XDSpy targeted Russian organizations with a C#-base dropper called UTask, downloading a core module that fetched more payloads from a command-and-control server.
[
Collection
]
[
|
...
]