SPINNER
Description
(Check Point) Many of the functions inside the final payload share similar logic with the SPINNER variant described above, but the payload lacks the compiler-level obfuscations observed in the newer campaign, which makes it easier to analyze. Furthermore, the previous version of the backdoor contains additional features. This is another indication that the initial SPINNER backdoor version we observed is only a part of the bigger payload. It is likely the actors eventually split the payload and equipped only the first stage of the main backdoor with essential functions: enumeration of the victim's machine and execution of the next-stage payloads received from the C&C server.
The full version of the SPINNER backdoor contains the following capabilities:
- Collects information about the infected machine (enumerates disks and files).
- Exfiltrates files from the infected machine and manipulates local files.
- Runs OS commands and executes downloaded payloads, as part of typical backdoor capabilities.
Names
| Name |
|---|
| SPINNER |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Exfiltration
Information
Other Information
Uuid
783d3b2e-0298-469d-84b5-e10fa395d6e3
Last Card Change
2022-07-19