Home > List all groups > List all tools > List all groups using tool Spellbinder

Threat Group Cards: A Threat Actor Encyclopedia

Names	Spellbinder
Category	Malware
Type	Backdoor, Tunneling, Downloader
Description	(ESET) Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and redirecting the traffic of legitimate Chinese software so that it downloads malicious updates from a server controlled by the attackers.
Information	<https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/>

Last change to this tool card: 27 June 2025

Download this tool card in JSON format

1 group listed (1 APT, 0 other, 0 unknown)

APT groups