PitSock (4fe6de12-eaea-4632-8ddb-63899a20cc2c)
PitSock, associated with UNC5325, is a backdoor that intercepts the accept and setsockopt functions of the web process by altering its procedure linkage table (PLT). Through this modification, it establishes communication via the Unix socket /tmp/clientsDownload.sock upon receiving a predefined 48-byte magic byte sequence in the incoming buffer. [Mandiant Cutting Edge Part 3 February 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
PitSock (4fe6de12-eaea-4632-8ddb-63899a20cc2c) | Tidal Software | UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd) | Tidal Groups | 1 |