Small Sieve (c58028b9-2e79-4bc9-9b04-d24ea4dd4948)
Small Sieve is a Telegram Bot API-based Python backdoor that has been distributed using a Nullsoft Scriptable Install System (NSIS) Installer; it has been used by MuddyWater since at least January 2022.[DHS CISA AA22-055A MuddyWater February 2022][NCSC GCHQ Small Sieve Jan 2022]
Security researchers have also noted Small Sieve's use by UNC3313, which may be associated with MuddyWater.[Mandiant UNC3313 Feb 2022]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Small Sieve (c58028b9-2e79-4bc9-9b04-d24ea4dd4948) | Tidal Software | MuddyWater (dcb260d8-9d53-404f-9ff5-dbee2c6effe6) | Tidal Groups | 1 |