DRIEDMOAT (358f3c20-27f7-48e3-82cd-d26d35996e3d)
DRIEDMOAT is a passive backdoor that has been observed with an embedded certificate, stolen from the compromised appliance, which it uses to encrypt its C2 communications. [Mandiant UNC4841 August 29 2023] [Google Cloud June 18 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
DRIEDMOAT (358f3c20-27f7-48e3-82cd-d26d35996e3d) | Tidal Software | UNC3886 (23af694a-11f4-43eb-a176-683059b301cb) | Tidal Groups | 1 |