BUBBLEWRAP (2be4e3d2-e8c5-4406-8041-2c17bdb3a547)
BUBBLEWRAP is a full-featured, second-stage backdoor used by the admin@338 group. It is set to run when the system boots and includes functionality to check, upload, and register plug-ins that can further enhance its capabilities. [FireEye admin@338]

Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
BUBBLEWRAP (2be4e3d2-e8c5-4406-8041-2c17bdb3a547) | Tidal Software | admin@338 (8567136b-f84a-45ed-8cce-46324c7da60e) | Tidal Groups | 1 |