MOPSLED (a556e5cb-2381-4346-a002-8b0ba07d34fa)
MOPSLED is a shellcode-based modular backdoor that can communicate with its C2 server over HTTP or over a custom binary protocol on TCP. Its core functionality is to expand its capabilities by retrieving plugins from the C2 server. MOPSLED also uses a custom ChaCha20 encryption algorithm to decrypt embedded and external configuration files. [Google Cloud June 18 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
UNC3886 (23af694a-11f4-43eb-a176-683059b301cb) | Tidal Groups | MOPSLED (a556e5cb-2381-4346-a002-8b0ba07d34fa) | Tidal Software | 1 |