ShimRat (a3287231-351f-472f-96cc-24db2e3829c7)
ShimRat has been used by the suspected China-based adversary Mofang in campaigns targeting multiple countries and sectors including government, military, critical infrastructure, automobile, and weapons development. The name "ShimRat" comes from the malware's extensive use of Windows Application Shimming to maintain persistence. [FOX-IT May 2016 Mofang]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| ShimRat (a3287231-351f-472f-96cc-24db2e3829c7) | Tidal Software | Mofang (8bc69792-c26d-4493-87e3-d8e47605fed8) | Tidal Groups | 1 |