LITTLELAMB.WOOLTEA (c9c5e7ad-6e95-5d53-b4db-f6b51c7167ca)
LITTLELAMB.WOOLTEA is a backdoor that was used by UNC5325 during Cutting Edge to deploy malware on targeted Ivanti Connect Secure VPNs and to establish persistence across system upgrades and patches.[Mandiant Cutting Edge Part 3 February 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| LITTLELAMB.WOOLTEA (c9c5e7ad-6e95-5d53-b4db-f6b51c7167ca) | Tidal Software | UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd) | Tidal Groups | 1 |