MALWARE FAMILY

SPACESHIP

Internal ID: win.spaceship
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

SPACESHIP searches for files with a specified set of file extensions and copies them to a removable drive. FireEye believes that SHIPSHAPE is used to copy SPACESHIP to a removable drive, which could be used to infect another victim computer, including an air-gapped computer. SPACESHIP is then used to steal documents from the air-gapped system, copying them to a removable drive inserted into the SPACESHIP-infected system.

Threat Analysis

SPACESHIP is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

win.spaceship

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.