{
	"id": "e1cb8f1a-db95-4b83-b7c6-3026a0213095",
	"created_at": "2026-04-06T00:18:18.024323Z",
	"updated_at": "2026-04-10T03:30:14.852249Z",
	"deleted_at": null,
	"sha1_hash": "f1b4d7c396dd9b71201abbd90acae522062d6352",
	"title": "malware-ioc/xdspy at master · eset/malware-ioc",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37784,
	"plain_text": "malware-ioc/xdspy at master · eset/malware-ioc\r\nBy mFaou\r\nArchived: 2026-04-05 18:40:36 UTC\r\nC125A05CC87EA45BB5D5D07D62946DAEE1160F73\r\nJS/TrojanDropper.Agent.OAZ\r\nSpearphishing email (2015)\r\n99729AC323FC8A812FA2C8BE9AE82DF0F9B502CA\r\nLNK/TrojanDownloader.Agent.YJ\r\nMalicious LNK downloader\r\n63B988D0869C6A099C7A57AAFEA612A90E30C10F\r\nWin64/Agent.VB\r\nXDDown\r\nBB7A10F816D6FFFECB297D0BAE3BC2C0F2F2FFC6\r\nWin32/Agent.ABQB\r\nXDDown (oldest known sample)\r\n844A3854F67F4F524992BCD90F8752404DF1DA11\r\nWin64/Spy.Agent.CC\r\nXDRecon\r\nB333043B47ABE49156195CC66C97B9F488E83442\r\nWin64/Spy.Agent.CC\r\nXDUpload\r\n83EF84052AD9E7954ECE216A1479ABA9D403C36D\r\nWin64/Spy.Agent.CC\r\nXDUpload\r\n88410D6EB663FBA2FD2826083A3999C3D3BD07C9\r\nWin32/Agent.ABYL\r\nXDLoc\r\nCFD43C7A993EC2F203B17A9E6B8B392E9A296243\r\nWin32/PSW.Agent.OJS\r\nXDPass\r\n3B8445AA70D01DEA553A7B198A767798F52BB68A\r\nDOC/Abnormal.V\r\nMalicious RTF file that downloads the CVE-2020-0968 exploit\r\nAE34BEDBD39DA813E094E974A9E181A686D66069\r\nWin64/Agent.ACG\r\nXDDown\r\n5FE5EE492DE157AA745F3DE7AE8AA095E0AFB994\r\nVBS/TrojanDropper.Agent.OLJ\r\nMalicious script (Sep 2020)\r\nB807756E9CD7D131BD42C2F681878C7855063FE2\r\nWin64/Agent.AEJ\r\nXDDown (most recent as of writing)\r\nSource: https://github.com/eset/malware-ioc/tree/master/xdspy/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://github.com/eset/malware-ioc/tree/master/xdspy/"
	],
	"report_names": [
		"xdspy"
	],
	"threat_actors": [
		{
			"id": "69cba9ab-de35-4103-a699-7d243bcfd196",
			"created_at": "2023-01-06T13:46:39.159472Z",
			"updated_at": "2026-04-10T02:00:03.233731Z",
			"deleted_at": null,
			"main_name": "XDSpy",
			"aliases": [],
			"source_name": "MISPGALAXY:XDSpy",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d69b3831-de95-42c9-b4b6-26232627206f",
			"created_at": "2022-10-25T16:07:24.429466Z",
			"updated_at": "2026-04-10T02:00:04.985102Z",
			"deleted_at": null,
			"main_name": "XDSpy",
			"aliases": [],
			"source_name": "ETDA:XDSpy",
			"tools": [
				"ChromePass",
				"IE PassView",
				"MailPassView",
				"Network Password Recovery",
				"OperaPassView",
				"PasswordFox",
				"Protected Storage PassView",
				"XDDown",
				"XDList",
				"XDLoc",
				"XDMonitor",
				"XDPass",
				"XDRecon",
				"XDUpload"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434698,
	"ts_updated_at": 1775791814,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f1b4d7c396dd9b71201abbd90acae522062d6352.pdf",
		"text": "https://archive.orkl.eu/f1b4d7c396dd9b71201abbd90acae522062d6352.txt",
		"img": "https://archive.orkl.eu/f1b4d7c396dd9b71201abbd90acae522062d6352.jpg"
	}
}