SPICA

Description

(Google) SPICA is written in Rust, and uses JSON over websockets for command and control (C2). It supports a number of commands including:

• Executing arbitrary shell commands • Stealing cookies from Chrome, Firefox, Opera and Edge • Uploading and downloading files • Perusing the filesystem by listing the contents of it • Enumerating documents and exfiltrating them in an archive • There is also a command called “telegram,” but the functionality of this command is unclear Once executed, SPICA decodes an embedded PDF, writes it to disk, and opens it as a decoy for the user. In the background, it establishes persistence and starts the main C2 loop, waiting for commands to execute.

Names

Name
SPICA

Type

Backdoor
Reconnaissance
Credential stealer
Info stealer
Downloader
Exfiltration

Information

https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/

Mitre Attack

https://attack.mitre.org/software/S1140

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.spica

Other Information

Uuid

070ba31e-1ec7-411f-9325-57391a1ca6cc

Last Card Change

2024-12-27

Threat Intelligence Garden

Explorer

SPICA

SPICA

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks