Skip to content

Hide Navigation Hide TOC

LITTLELAMB.WOOLTEA (c9c5e7ad-6e95-5d53-b4db-f6b51c7167ca)

LITTLELAMB.WOOLTEA is a backdoor that was used by UNC5325 during Cutting Edge to deploy malware on targeted Ivanti Connect Secure VPNs and to establish persistence across system upgrades and patches.[Mandiant Cutting Edge Part 3 February 2024]

Cluster A Galaxy A Cluster B Galaxy B Level
LITTLELAMB.WOOLTEA (c9c5e7ad-6e95-5d53-b4db-f6b51c7167ca) Tidal Software UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd) Tidal Groups 1