JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)

JumbledPath is a custom-built utility written in Go that has been used by Salt Typhoon since at least 2024 for packet capture on remote Cisco devices. JumbledPath is compiled as an ELF binary for the x86-64 architecture, which makes it potentially usable across Linux operating systems and network devices from multiple vendors.(Citation: Cisco Salt Typhoon FEB 2025)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) | Attack Pattern | 1 |
| Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | 1 |
| JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) | Attack Pattern | 1 |
| JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) | Attack Pattern | 1 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) | Attack Pattern | 2 |