IMAPLoader (0832ffda-240a-4455-a53b-71b2683bea09)
IMAPLoader is a .NET downloader that uses email-based channels for command and control communication. It is believed to be developed and used by Yellow Liderc a threat actor group based in Iran and aligned with the Iranian Islamic Revolutionary Guard Corp (IRGC). IMAPLoader is delivered via drive-by compromises and phishing attacks.[PwC Yellow Liderc October 25 2023]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| IMAPLoader (0832ffda-240a-4455-a53b-71b2683bea09) | Tidal Software | Private Cluster (9e8620c4-a560-4081-aefc-118c7ec3fc22) | Unknown | 1 |