JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)

JumbledPath is a custom-built utility written in GO that has been used by Salt Typhoon since at least 2024 for packet capture on remote Cisco devices. JumbledPath is compiled as an ELF binary using x86-64 architecture which makes it potentially useable across Linux operating systems and network devices from multiple vendors.(Citation: Cisco Salt Typhoon FEB 2025)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)	Malware	1
JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)	Malware	Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36)	Attack Pattern	1
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)	Malware	1
JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	1
JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)	Malware	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	1
JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)	Malware	Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d)	Attack Pattern	1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36)	Attack Pattern	2