BrickStorm (032986ee-e041-4336-9a24-7d1858b28c39)
BrickStorm is a Go backdoor targeting VMware vCenter servers. It supports the ability to set itself up as a web server, perform file system and directory manipulation, perform file operations such as upload/download, run shell commands, and perform SOCKS relaying. BrickStorm communicates over WebSockets to a hard-coded C2.[Google Cloud April 4 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) | Tidal Groups | BrickStorm (032986ee-e041-4336-9a24-7d1858b28c39) | Tidal Software | 1 |