SlowStepper (07588c4c-39a8-4687-92ac-1da9a16186c5)
SlowStepper is a custom, modular backdoor that has been used by PlushDaemon, a "China-aligned" cyberespionage group. It was notably deployed by a malicious installer as part of a supply chain compromise targeting VPN software produced by a South Korean company.[ESET PlushDaemon January 22 2025]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| PlushDaemon (3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6) | Tidal Groups | SlowStepper (07588c4c-39a8-4687-92ac-1da9a16186c5) | Tidal Software | 1 |