BrickStorm (032986ee-e041-4336-9a24-7d1858b28c39)

BrickStorm is a Go backdoor targeting VMware vCenter servers. It can set itself up as a web server, manipulate the file system and directories, perform file operations such as upload and download, run shell commands, and perform SOCKS relaying. BrickStorm communicates over WebSockets to a hard-coded C2. [Google Cloud April 4 2024]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) | Tidal Groups | BrickStorm (032986ee-e041-4336-9a24-7d1858b28c39) | Tidal Software | 1 |