Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:59:58 UTC
Home > List all groups > List all tools > List all groups using tool DRAWSTRING
 Tool: DRAWSTRING
Names DRAWSTRING
Category Malware
Type Downloader, Reconnaissance, Info stealer
Description
(Mandiant) A downloader, which Mandiant tracks as DRAWSTRING, has some internal recon
functionality. While primarily providing FIN13 the ability to download and execute arbitrary
files, DRAWSTRING will also execute systeminfo.exe and upload that information to a
command and control (C2) server.
Information <https://www.mandiant.com/resources/fin13-cybercriminal-mexico>
Last change to this tool card: 26 December 2021
Download this tool card in JSON format
All groups using tool DRAWSTRING
Changed Name Country Observed
APT groups
  FIN13 [Unknown] 2016  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aebae8ef-2707-4ad8-9173-415439e38842
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aebae8ef-2707-4ad8-9173-415439e38842
Page 1 of 1