{
  "name": "SadFuture: Mapping XDSpy latest evolution",
  "slug": "sadfuture-mapping-xdspy-latest-evolution",
  "description": "This report examines recent activities attributed to the XDSpy threat actor, focusing on an ongoing campaign that has used the XDigo malware against Eastern European and Russian governmental entities since March 2025. The investigation stemmed from analyzing a vulnerability in LNK files, leading to the discovery of a multi-stage infection chain. The report provides analysis of the XDigo implant and its connections to previous XDSpy activities. It also details the exploitation of LNK parsing issues and infrastructure used across different campaigns. The research uncovered additional, more recent XDSpy activity employing an alternative infection chain. Targets include government entities in Eastern Europe, with a confirmed victim in Belarus.",
  "published": "2025-06-26T19:26:15+00:00",
  "created_at": "2025-06-26T19:26:15+00:00",
  "modified_at": "2025-06-27T06:52:28+00:00",
  "created_at_opencti": "2025-06-26T19:26:15+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-06-26",
    "eastern europe",
    "etdownloader",
    "government",
    "infrastructure analysis",
    "lnk exploitation",
    "xdigo"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "protej.org.nniir.com"
      },
      {
        "id": "",
        "name": "zimniyeravlecheniya.com"
      },
      {
        "id": "",
        "name": "zhestovyyliker.com"
      },
      {
        "id": "",
        "name": "zetta-strakhovaniye.com"
      },
      {
        "id": "",
        "name": "zelenyysalat.com"
      },
      {
        "id": "",
        "name": "zagruzka-pdf.com"
      },
      {
        "id": "",
        "name": "zagruzkafayla.com"
      },
      {
        "id": "",
        "name": "zagruzkadannykh.com"
      },
      {
        "id": "",
        "name": "vash-disk.com"
      },
      {
        "id": "",
        "name": "utrenneyesolntse.com"
      },
      {
        "id": "",
        "name": "tvoy-disk.com"
      },
      {
        "id": "",
        "name": "tvoi-fayly.com"
      },
      {
        "id": "",
        "name": "temnayamashina.com"
      },
      {
        "id": "",
        "name": "tantsuyushchiykarlik.com"
      },
      {
        "id": "",
        "name": "slomannyymonitor.com"
      },
      {
        "id": "",
        "name": "sogrevayushchiynapitok.com"
      },
      {
        "id": "",
        "name": "svobodnoepredlozheniye.com"
      },
      {
        "id": "",
        "name": "skachivanie-failov24.com"
      },
      {
        "id": "",
        "name": "skachivanie-failov.com"
      },
      {
        "id": "",
        "name": "seychaspozzhe.com"
      },
      {
        "id": "",
        "name": "ru-sistema.com"
      },
      {
        "id": "",
        "name": "serayagrust.com"
      },
      {
        "id": "",
        "name": "ru-pochta365.com"
      },
      {
        "id": "",
        "name": "reyestr-faylov.com"
      },
      {
        "id": "",
        "name": "quan-miami.com"
      },
      {
        "id": "",
        "name": "promenimath.com"
      },
      {
        "id": "",
        "name": "portfolio-elena.com"
      },
      {
        "id": "",
        "name": "pechalnoyebudushcheye.com"
      },
      {
        "id": "",
        "name": "pdfsklad.com"
      },
      {
        "id": "",
        "name": "pdfmagazin.com"
      },
      {
        "id": "",
        "name": "pdf-sklad.com"
      },
      {
        "id": "",
        "name": "pdfdepozit.com"
      },
      {
        "id": "",
        "name": "pdf-reyestr.com"
      },
      {
        "id": "",
        "name": "otpravkafaylov.com"
      },
      {
        "id": "",
        "name": "obmen-faylami.com"
      },
      {
        "id": "",
        "name": "nniir.com"
      },
      {
        "id": "",
        "name": "nevynosimayapchela.com"
      },
      {
        "id": "",
        "name": "moy-fayl.com"
      },
      {
        "id": "",
        "name": "moy-pdf.com"
      },
      {
        "id": "",
        "name": "melodicprogress.com"
      },
      {
        "id": "",
        "name": "lunnayareka.com"
      },
      {
        "id": "",
        "name": "magnitgroup.com"
      },
      {
        "id": "",
        "name": "laultrachunk.com"
      },
      {
        "id": "",
        "name": "kletchatayarubashka.com"
      },
      {
        "id": "",
        "name": "krasnayastena.com"
      },
      {
        "id": "",
        "name": "khoroshayamych.com"
      },
      {
        "id": "",
        "name": "khitrayalisitsa.com"
      },
      {
        "id": "",
        "name": "full-downloader.com"
      },
      {
        "id": "",
        "name": "file-magazin.com"
      },
      {
        "id": "",
        "name": "faylsklad.com"
      },
      {
        "id": "",
        "name": "faylbox365.com"
      },
      {
        "id": "",
        "name": "enjoyever.com"
      },
      {
        "id": "",
        "name": "dwd765m.com"
      },
      {
        "id": "",
        "name": "easy-download24.com"
      },
      {
        "id": "",
        "name": "dversteklo.com"
      },
      {
        "id": "",
        "name": "doverennyye-fayly.com"
      },
      {
        "id": "",
        "name": "downloading24.com"
      },
      {
        "id": "",
        "name": "coolpelear.com"
      },
      {
        "id": "",
        "name": "chistyyvozdukh.com"
      },
      {
        "id": "",
        "name": "cellporyad.com"
      },
      {
        "id": "",
        "name": "bystryvelosiped.com"
      },
      {
        "id": "",
        "name": "aoc-upravleniye.com"
      },
      {
        "id": "",
        "name": "bukhgalter-x5group.com"
      },
      {
        "id": "",
        "name": "ffc538f2c6e91f07be067311ed143d28c5437a8af69974f751c043e2944d60b2"
      },
      {
        "id": "",
        "name": "fb1df37336d79861b13d5f4ba875393c7e91b12cd73302cb414c1d084104a6a8"
      },
      {
        "id": "",
        "name": "f7be89ae645831d519b7c781d69cf8e88e5762b824c9a6753eb16b25c4abef76"
      },
      {
        "id": "",
        "name": "efd44bc4e0efcab72106ea065c8a89d51d499202732319b21324487e8d00eccf"
      },
      {
        "id": "",
        "name": "ef34c433c818774b466ba4e6f677b1c6cf51bb9213a60fd779fd7df39011e97b"
      },
      {
        "id": "",
        "name": "ef8fdec66751b6a17da45dd4d9c22cef8d3c78604e7a8bc6fc8e2b30342ff408"
      },
      {
        "id": "",
        "name": "e32f04362ec4db90e024bfb57adf6e5c02f1061cd17dbf81a5bbc0b588119b25"
      },
      {
        "id": "",
        "name": "e95f2982195399b5f9e453be6db02a346bb516320659a3ade2c385bcb7fc27da"
      },
      {
        "id": "",
        "name": "e0ffc3442215b888c55d8dfd9d33c5cfff315a59089aeb42da4cf6869eed8f5d"
      },
      {
        "id": "",
        "name": "dd279ea6c2a660ff7e70788af4a6c98524836c1b63beed756a77942c83de06fa"
      },
      {
        "id": "",
        "name": "ccf56b6b727da47c89f7a1a47cc04ab3a41d225c1298a74f16c939a5622b03f2"
      },
      {
        "id": "",
        "name": "c8899a6e8d3dd11c75217253f8dd78f5029c01e886880cafce0388d5fd6aa54b"
      },
      {
        "id": "",
        "name": "be6a545180300554eea2ee6ece9f835a12996059d726df810fe13ba0044033cd"
      },
      {
        "id": "",
        "name": "bcb5df098a79e3bc1d8bcb3b1a354b6643afdb4ca40333e0548e5ed1a9470cac"
      },
      {
        "id": "",
        "name": "bbc5e80d3f068d8eff0cfa745ecba97903a83dfd9fe6f43cf05e803bbe9ce8b9"
      },
      {
        "id": "",
        "name": "bc0b9075e3b8504c4e0c7097c6be8aa05f96032053ec43e502d297136aaf375e"
      },
      {
        "id": "",
        "name": "b03d9dd170cd82890ee1a5503529b81ce8064893e31a88b87081a8c72610d810"
      },
      {
        "id": "",
        "name": "a9b9022aedd1b9afbd7ab1f11f60f236102e1f70b340658da8cb39c072a9af61"
      },
      {
        "id": "",
        "name": "a8d578d4b50ac4029db22b76563e927ab691075aacc87621795b16b388b7d48c"
      },
      {
        "id": "",
        "name": "a28ee84bfbad9107ad39802e25c24ae0eaa00a870eca09039076a0360dcbd869"
      },
      {
        "id": "",
        "name": "9f17ff59172a802bc6ce8490c1ea379a5bf75af839f8b59373fba8c51e878af0"
      },
      {
        "id": "",
        "name": "83341b08425a1a247becd79e829064ddbd309636d7d62a369338ffd47af6e955"
      },
      {
        "id": "",
        "name": "7d6eb47ff307bebf87022575edd19181ad34ee5a5db1f408a25d16cd27d8aa2f"
      },
      {
        "id": "",
        "name": "7e04c69685d8612f7fc3512ad9ad1802a28428f75874b8717c0f04e939a3324d"
      },
      {
        "id": "",
        "name": "81bb1cf3a805c1375bb3251eea9f1ad132ab1266295a75cda9ffe9278588ac7f"
      },
      {
        "id": "",
        "name": "7c0597aa77031a100db0941921b60f08079bec7f710b6e736a15012db6465c39"
      },
      {
        "id": "",
        "name": "7a2af22372a4fd3ba89d36fdee38967cb77f43e14255d0b5ad80da863b146625"
      },
      {
        "id": "",
        "name": "792c5a2628ec1be86e38b0a73a44c1a9247572453555e7996bb9d0a58e37b62b"
      },
      {
        "id": "",
        "name": "77b2f2ef5bc3b7bb2d1b85491ece85b56da37685652526c6fa6e3562cd12e3b6"
      },
      {
        "id": "",
        "name": "68347b0c6494a56dd0f6492c6c56158b46bcaf44878a8741f6e63ff2946cf30f"
      },
      {
        "id": "",
        "name": "747dfd7f0ca893034136fd286c737b55edc9276b5794a02c6dd3771da0342729"
      },
      {
        "id": "",
        "name": "678f79e78847a1274238740bb8cada62f9c41cab96df8537d87d38850502d0a2"
      },
      {
        "id": "",
        "name": "666f4977abf17db6da2d05b385c5cf53f6500517226a3ac5bd0360eda9193d08"
      },
      {
        "id": "",
        "name": "564b2184a7f53d5f1680673ced354f5e956d897b7e1ea7d3f992cc38be6a9b20"
      },
      {
        "id": "",
        "name": "52a98f2b2de46bc0835a11d2ba22b874a09788596507c13ac22b9b8877a8f3c6"
      },
      {
        "id": "",
        "name": "5409eb70942a6b875d8343437bb04e368f56de1854953fa87890fc8ee8a8bc37"
      },
      {
        "id": "",
        "name": "5248b0e4af1914762cc1c436a898d12d5f74980b816155f4191dc9692402668f"
      },
      {
        "id": "",
        "name": "4f1d5081adf8ceed3c3daaaa3804e5a4ac2e964ec90590e716bc8b34953083e8"
      },
      {
        "id": "",
        "name": "49714e2a0eb4d16882654fd60304e6fa8bfcf9dbd9cd272df4e003f68c865341"
      },
      {
        "id": "",
        "name": "40e3fcfcc09fd84b2745b75e0e5e7beae866f4300ec8f36e2e9ab3197f198dcd"
      },
      {
        "id": "",
        "name": "40bc204062a1f936c246fbffbed1a6bb41107ad9e5ad25df8970e4090258e145"
      },
      {
        "id": "",
        "name": "3adeda2a154dcf017ffed634fba593f80df496eb2be4bee0940767c8631be7c1"
      },
      {
        "id": "",
        "name": "38489af1360af2cb7ba70f61e4c562fa63ce58e59576ba452db560f75ed1680a"
      },
      {
        "id": "",
        "name": "2dde92fc0936cb275be79d5864c98772d1270e4a54c01e61ebc4b856b5e048d5"
      },
      {
        "id": "",
        "name": "2414dd462e3ca05ecd37aa56dc8841f5ef9588663572e7bc36d07520af7864b1"
      },
      {
        "id": "",
        "name": "1793dae4d05cc7be9575f14ae7a73ffe3b8279a811c0db40f56f0e2c1ee8dd61"
      },
      {
        "id": "",
        "name": "155b94be1c3dca48314f6f2ee0c89c09553851ecc9ceefc436e16ebb7fca5f1a"
      },
      {
        "id": "",
        "name": "15277bfc6b784c373d535fbda9396bd16c15d990943423167602fb81b26d0f07"
      },
      {
        "id": "",
        "name": "12fd8d45a181adfd6725ea9806d72ed61b3af1e31d80fa7ddd32e1932a8dfd75"
      },
      {
        "id": "",
        "name": "0d983f5fb403b500ec48f13a951548d5a10572fde207cf3f976b9daefb660f7e"
      },
      {
        "id": "",
        "name": "0a626f1837da9043e65ccf9e23192aef36d58402a1fd56577952c7bb426f2ec5"
      },
      {
        "id": "",
        "name": "0993b0bb897402954eb9057bc84ea98e2c12ff1185a87ac3c3a15a241560bb1a"
      },
      {
        "id": "",
        "name": "07e2376d2c4318b0f9c472d01342d67e23a2e8edc182533a291336dfeaff4e60"
      },
      {
        "id": "",
        "name": "031e05d15afabef6010179d2acd09925395167fd442b64b6aa8ffd81bd5e268e"
      },
      {
        "id": "",
        "name": "056cd36bf4bc6efc119a64f2ffedd76f3dcb75daa95c22c59d91664dfcaa6fd5"
      },
      {
        "id": "",
        "name": "021d13de99e996fbf03e57b78ce67630c19d33242eee8480383d7b065edebb51"
      },
      {
        "id": "",
        "name": "f3f2c3c5836ce6e3cb92aa6dfc0f133e15a7fd169a3d1049b7d82e49d1577273"
      },
      {
        "id": "",
        "name": "e14fdb6c0b5b64e1ca318b7ad3ac9a4fd6dec60ef03089b87199306eba6e0ca6"
      },
      {
        "id": "",
        "name": "95060ba948948eea9bfc801731960b97d3efceb300622630afcbccfe12c21ccd"
      },
      {
        "id": "",
        "name": "5e34d754b0a938de7e512614f8fc6d7cd6c704f76b05044e07c97bd44bd5d591"
      },
      {
        "id": "",
        "name": "59b907430dde62fc7a0d1c33c38081b7dcf43777815d1abcf07e0c77f76f5894"
      },
      {
        "id": "",
        "name": "448245612a5388074e32251a0b44769170c586cc4c2ae06cd953c7a461ce34a6"
      },
      {
        "id": "",
        "name": "e62c3135fd708ee420cf767fa1654d8d66ff01f5160ddadf633e3cc5eaeaa926"
      },
      {
        "id": "",
        "name": "d5c0fd26ba1504bde3222202f7a257efa9cdbc6949718495a7c33cd6510fce2a"
      },
      {
        "id": "",
        "name": "cfd0d56ca3d6c9ca232252570522c4b904be2807c461276979b1f8c551ccd4aa"
      },
      {
        "id": "",
        "name": "9c1acde0627da8b518b0522d6fed15cecf35b20ed8920628e9f580cfc3f450ed"
      },
      {
        "id": "",
        "name": "904db68a915b4bbd0b4b2d665bb1e2c51fa1b71b9c44ce45ccd4b4664f2bfd8e"
      },
      {
        "id": "",
        "name": "65209053f042e428b64f79ea8f570528beaa537038aa3aa50a0db6846ba8d2ec"
      },
      {
        "id": "",
        "name": "5be9aba659baa089bcd253905deaf3f084f2b8f03701e90f2a46b36781165925"
      },
      {
        "id": "",
        "name": "536cd589cd685806b4348b9efa06843a90decae9f4135d1b11d8e74c7911f37d"
      },
      {
        "id": "",
        "name": "0b705938e0063e73e03645e0c7a00f7c8d8533f1912eab5bf9ad7bc44d2cf9c3"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:0ae88791c95ab7b4",
        "name": "ETDownloader",
        "slug": "etdownloader"
      },
      {
        "id": "legacy:malware:571c8520a5289c5b",
        "name": "XDigo",
        "slug": "xdigo"
      }
    ],
    "intrusion_sets": [
      {
        "id": "3117e2fc-ada1-44d5-bad9-2e4efa739333",
        "name": "XDSpy",
        "slug": "xdspy"
      }
    ],
    "attack_patterns": [
      {
        "id": "6f00068c-812c-4e2b-9100-2cfa86b3aed9",
        "name": "T1132.001"
      },
      {
        "id": "c22b5073-f426-4294-98bb-219d17345158",
        "name": "T1553.002"
      },
      {
        "id": "81b422de-709e-43bd-b471-2befac0c623a",
        "name": "T1218.011"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "f4a450ef-8297-42e5-9e47-01162138baa2",
        "name": "T1115"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Belarus"
      },
      {
        "id": "",
        "name": "Kazakhstan"
      },
      {
        "id": "",
        "name": "Russian Federation"
      },
      {
        "id": "",
        "name": "Government"
      }
    ]
  },
  "external_refs": [
    "https://harfanglab.io/insidethelab/sadfuture-xdspy-latest-evolution/",
    "https://otx.alienvault.com/pulse/685dbaf793f1bd2d7f80f7f8"
  ]
}