Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:56:48 UTC
Home > List all groups > List all tools > List all groups using tool Spellbinder
 Tool: Spellbinder
Names Spellbinder
Category Malware
Type Backdoor, Tunneling, Downloader
Description
(ESET) Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless
address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network,
intercepting packets and redirecting the traffic of legitimate Chinese software so that it
downloads malicious updates from a server controlled by the attackers.
Information
Last change to this tool card: 27 June 2025
Download this tool card in JSON format
All groups using tool Spellbinder
Changed Name Country Observed
APT groups
 TheWizards 2022
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=704eb26c-c472-45dc-97cd-985f3153dc6c
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=704eb26c-c472-45dc-97cd-985f3153dc6c
Page 1 of 1