Skip to content

Hide Navigation Hide TOC

BRICKSTORM (64a0e3ab-e201-4fdc-9836-85365dfa84bb)

BRICKSTORM is a Go backdoor targeting VMware vCenter servers. It supports the ability to set itself up as a web server, perform file system and directory manipulation, perform file operations such as upload/download, run shell commands, and perform SOCKS relaying. BRICKSTORM communicates over WebSockets to a hard-coded C2.

Cluster A Galaxy A Cluster B Galaxy B Level
BRICKSTORM (64a0e3ab-e201-4fdc-9836-85365dfa84bb) Backdoor UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) Threat Actor 1
UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) Threat Actor UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 2
UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) Threat Actor ROOTROT (69d0512d-c12a-4e17-a335-deba012a8499) Tool 2
UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) Tool 3
SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 3
SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) Tool UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 3
SPAWNSLOTH (2c237974-edc2-460a-90b5-20f699560da3) Tool UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 3
SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) Tool SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) Tool 4
SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) Tool 4
SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) Tool 4
SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor SPAWNSLOTH (2c237974-edc2-460a-90b5-20f699560da3) Tool 4