POSHSPY (b92f28c4-cbc8-4721-ac79-2d8bdf5247e5)
POSHSPY is a backdoor that has been used by APT29 since at least 2015. It appears to serve as a secondary backdoor, used if the actors lost access to their primary backdoors. [FireEye POSHSPY April 2017]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
POSHSPY (b92f28c4-cbc8-4721-ac79-2d8bdf5247e5) | Tidal Software | APT29 (4c3e48b9-4426-4271-a7af-c3dfad79f447) | Tidal Groups | 1 |