PitSock (4fe6de12-eaea-4632-8ddb-63899a20cc2c)

PitSock, associated with UNC5325, is a backdoor that intercepts the `accept` and `setsockopt` functions of the web process by altering its procedure linkage table (PLT). Through this modification, it establishes communication via the Unix socket `/tmp/clientsDownload.sock` upon receiving a predefined 48-byte magic byte sequence in the incoming buffer. [Mandiant Cutting Edge Part 3 February 2024]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PitSock (4fe6de12-eaea-4632-8ddb-63899a20cc2c) | Tidal Software | UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd) | Tidal Groups | 1 |