STARWHALE (764c6121-2d15-4a10-ac53-b1c431dc8b47)
STARWHALE is a Windows Script File (WSF) backdoor that has been used by MuddyWater, possibly since at least November 2021; there is also a STARWHALE variant written in Golang with similar capabilities. Security researchers have also noted the use of STARWHALE by UNC3313, which may be associated with MuddyWater. [Mandiant UNC3313 Feb 2022][DHS CISA AA22-055A MuddyWater February 2022]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
STARWHALE (764c6121-2d15-4a10-ac53-b1c431dc8b47) | Tidal Software | MuddyWater (dcb260d8-9d53-404f-9ff5-dbee2c6effe6) | Tidal Groups | 1 |