CHERRYSPY (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

py.cherryspy (Back to overview)

CHERRYSPY

Actor(s): UAC-0063

According to CERT-UA, this is a PyArmor-protected backdoor capable of execution dynamically downloaded Python code.

References

2025-05-22 ⋅ Recorded Future ⋅ Insikt Group
Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Templates
CHERRYSPY HATVIBE

2025-05-22 ⋅ Recorded Future ⋅ Insikt Group
Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents
CHERRYSPY HATVIBE

2023-05-22 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Espionage activity of UAC-0063 against Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India (CERT-UA#6549)
CHERRYSPY UAC-0063

There is no Yara-Signature yet.

CHERRYSPY Propose Change

References

CHERRYSPY