CHOPSTICK (01c6c49a-f7c8-44cd-a377-4dfd358ffeba)

CHOPSTICK is a malware family of modular backdoors used by APT28. It has been used since at least 2012 and is usually dropped on victims as second-stage malware, though it has been used as first-stage malware in several cases. It has both Windows and Linux variants. [FireEye APT28] [ESET Sednit Part 2] [FireEye APT28 January 2017] [DOJ GRU Indictment Jul 2018] It is tracked separately from the X-Agent for Android.

Relationship

Cluster A: APT28 (5b1a5b9e-4722-41fc-a15d-196a549e3ac5)
Galaxy A:  Tidal Groups
Cluster B: CHOPSTICK (01c6c49a-f7c8-44cd-a377-4dfd358ffeba)
Galaxy B:  Tidal Software
Level:     1