Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 19:49:41 UTC
Home > List all groups > List all tools > List all groups using tool dneSpy
 Tool: dneSpy
Names dneSpy
Category Malware
Type Backdoor, Info stealer, Exfiltration
Description
DneSpy collects information, takes screenshots, and downloads and executes the latest version
of other malicious components in the infected system. The malware is designed to receive a
“policy” file in JSON format with all the commands to execute. The policy file sent by the
C&C server can be changed and updated over time, making dneSpy flexible and well-designed. The output of each executed command is zipped, encrypted, and exfiltrated to the
C&C server. These characteristics make dneSpy a fully functional espionage backdoor.
Information
<https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html>
<https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-kitsune.pdf>
Malpedia <https://malpedia.caad.fkie.fraunhofer.de/details/win.dnespy>
Last change to this tool card: 29 December 2022
Download this tool card in JSON format
All groups using tool dneSpy
Changed Name Country Observed
APT groups
  Operation Earth Kitsune 2019-Late 2022  
1 group listed (1 APT, 0 other, 0 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1be82a99-1719-48c3-a640-e93743a4c823
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1be82a99-1719-48c3-a640-e93743a4c823
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1be82a99-1719-48c3-a640-e93743a4c823
Page 2 of 2

APT groups Operation Earth Kitsune 2019-Late 2022 
1 group listed (1 APT, 0 other, 0 unknown) 
   Page 1 of 2