RedLeaves (5264c3ab-14e1-4ae1-854e-889ebde029b4)
RedLeaves is a malware family used by menuPass. The code overlaps with PlugX and may be based upon the open-source tool Trochilus. [PWC Cloud Hopper Technical Annex April 2017] [FireEye APT10 April 2017]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
RedLeaves (5264c3ab-14e1-4ae1-854e-889ebde029b4) | Tidal Software | menuPass (fb93231d-2ae4-45da-9dea-4c372a11f322) | Tidal Groups | 1 |