RootRot (1cfb417c-fe31-4500-b10a-12e70cd03e9b)
RootRot is a web shell written in Perl embedded into a legitimate Connect Secure .ttc file located at /data/runtime/tmp/tt/setcookie.thtml.ttc by exploiting CVE-2023-46805 and CVE-2024-21887.[Google Cloud April 4 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) | Tidal Groups | RootRot (1cfb417c-fe31-4500-b10a-12e70cd03e9b) | Tidal Software | 1 |