WIREFIRE (93b02819-8acc-5d7d-ad11-abb33f9309cc)
WIREFIRE is a web shell written in Python that exists as trojanized logic to the visits.py component of Ivanti Connect Secure VPN appliances. WIREFIRE was used during Cutting Edge for downloading files and command execution.[Mandiant Cutting Edge January 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| WIREFIRE (93b02819-8acc-5d7d-ad11-abb33f9309cc) | Tidal Software | UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) | Tidal Groups | 1 |