Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 23:45:31 UTC
Home > List all groups > List all tools > List all groups using tool CHERRYSPY
 Tool: CHERRYSPY
Names CHERRYSPY
Category Malware
Type Backdoor
Description
(The Hacker News) a Python backdoor codenamed CHERRYSPY, which is capable of running
commands issued by a remote server.
Information
<https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html>
<https://cert.gov.ua/article/6280129>
Last change to this tool card: 27 August 2024
Download this tool card in JSON format
All groups using tool CHERRYSPY
Changed Name Country Observed
APT groups
  Sofacy, APT 28, Fancy Bear, Sednit 2004-Apr 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cf2472e2-b447-46a6-b572-3954135468c0
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cf2472e2-b447-46a6-b572-3954135468c0
Page 1 of 1