HUI Loader (2df88e4e-5a89-5535-ae1a-4c68b19d9078)

HUI Loader is a custom DLL loader that has been used since at least 2015 by China-based threat groups including Cinnamon Tempest and menuPass to deploy malware on compromised hosts. HUI Loader has been observed in campaigns loading SodaMaster, PlugX, Cobalt Strike, Komplex, and several strains of ransomware.[SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| menuPass (fb93231d-2ae4-45da-9dea-4c372a11f322) | Tidal Groups | HUI Loader (2df88e4e-5a89-5535-ae1a-4c68b19d9078) | Tidal Software | 1 |
| Cinnamon Tempest (8e059c6b-d278-5454-a234-a8ad69feb66c) | Tidal Groups | HUI Loader (2df88e4e-5a89-5535-ae1a-4c68b19d9078) | Tidal Software | 1 |