Malware: Spica

Description

[Spica](https://attack.mitre.org/software/S1140) is a custom backdoor written in Rust that has been used by [Star Blizzard](https://attack.mitre.org/groups/G1033) since at least 2023.(Citation: Google TAG COLDRIVER January 2024)

External References

• mitre-attack
• Google TAG COLDRIVER January 2024

Techniques Used by This Malware

• T1036.004 — Masquerade Task or Service
• T1053.005 — Scheduled Task
• T1059.001 — PowerShell
• T1083 — File and Directory Discovery
• T1095 — Non-Application Layer Protocol
• T1105 — Ingress Tool Transfer
• T1140 — Deobfuscate/Decode Files or Information
• T1539 — Steal Web Session Cookie
• T1560 — Archive Collected Data

APT Groups Using This Malware

• Star Blizzard