ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool SPINNER

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: SPINNER

NamesSPINNER
CategoryMalware
TypeReconnaissance, Backdoor, Exfiltration
Description(Check Point) Many of the functions inside the final payload share similar logic with the SPINNER variant described above, but the payload lacks the compiler-level obfuscations observed in the newer campaign making it easier to analyze. Furthermore, the previous version of the backdoor contains additional features. This is another indication that the initial SPINNER backdoor version we observed is only a part of the bigger payload. It’s likely the actors eventually split the payload and only equipped the first stage of the main backdoor with essential functions: enumeration of the victim’s machine and execution of the next stage payloads received from the C&C server.

The full version of the SPINNER backdoor contains the following capabilities:
• Collects information about the infected machine (enumerate disks, files).
• Exfiltrates files from the infected machine and manipulates the local files.
• Runs OS commands and executes downloaded payload, as part of typical backdoor capabilities.
Information<https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/>

Last change to this tool card: 19 July 2022

Download this tool card in JSON format

All groups using tool SPINNER

ChangedNameCountryObserved

APT groups

 Twisted PandaChina2021 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]