IMAPLoader (Deprecated) (0832ffda-240a-4455-a53b-71b2683bea09)
We are no longer maintaining this object in favor of a similar object subsequently published by MITRE: "IMAPLoader" (Software). All relevant Tidal content extensions (e.g. additional Technique and Object relationships and metadata) have been added to the MITRE-authored object.
IMAPLoader is a .NET downloader that uses email-based channels for command and control communication. It is believed to have been developed and used by Yellow Liderc, a threat actor group based in Iran and aligned with the Iranian Islamic Revolutionary Guard Corps (IRGC). IMAPLoader is delivered via drive-by compromises and phishing attacks.[PwC Yellow Liderc October 25 2023]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
IMAPLoader (Deprecated) (0832ffda-240a-4455-a53b-71b2683bea09) | Tidal Software | Yellow Liderc (Deprecated) (9e8620c4-a560-4081-aefc-118c7ec3fc22) | Tidal Groups | 1 |