Spica is a custom backdoor written in Rust that has been used by Star Blizzard since at least 2023.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | Spica has created a scheduled task named |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | Upon execution, Spica can decode an embedded .pdf and write it to the desktop as a decoy document.[1] |
| Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | Spica can use an obfuscated PowerShell command to create a scheduled task for persistence.[1] |
| Enterprise | T1560 | Archive Collected Data | |
| Enterprise | T1083 | File and Directory Discovery | |
| Enterprise | T1539 | Steal Web Session Cookie | Spica has the ability to steal cookies from the Chrome, Firefox, Opera, and Edge browsers.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | Spica can upload files to and download files from compromised hosts.[1] |
| Enterprise | T1095 | Non-Application Layer Protocol | Spica can use JSON over WebSockets for C2 communications.[1] |
| Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | Spica has created a scheduled task named |
| ID | Name | References |
|---|---|---|
| G1033 | Star Blizzard | |