Orz (45a52a29-00c0-458a-b705-1040e06a43f2)
Orz is a custom JavaScript backdoor used by Leviathan. It was observed being used in 2014 as well as in August 2017 when it was dropped by Microsoft Publisher files. [Proofpoint Leviathan Oct 2017] [FireEye Periscope March 2018]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Orz (45a52a29-00c0-458a-b705-1040e06a43f2) | Tidal Software | Leviathan (eadd78e3-3b5d-430a-b994-4360b172c871) | Tidal Groups | 1 |