GLASSTOKEN (5c1a1ce5-927c-5c79-8a14-2789756d41ee)
GLASSTOKEN is a custom web shell used by threat actors during Cutting Edge to execute commands on compromised Ivanti Secure Connect VPNs.[Volexity Ivanti Zero-Day Exploitation January 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) | Tidal Groups | GLASSTOKEN (5c1a1ce5-927c-5c79-8a14-2789756d41ee) | Tidal Software | 1 |