ThinSpool (c1e0eeb4-f462-46fc-bf0b-ed9a9307a968)
ThinSpool is a dropper written in shell script that writes the web shell LightWire to a legitimate CS file. ThinSpool will re-add the malicious web shell code to legitimate files after an update.[Mandiant Cutting Edge January 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) | Tidal Groups | ThinSpool (c1e0eeb4-f462-46fc-bf0b-ed9a9307a968) | Tidal Software | 1 |