RDFSNIFFER (ca4e973c-da15-46a9-8f3a-0b1560c9a783)
RDFSNIFFER is a module loaded by BOOSTWRITE which allows an attacker to monitor and tamper with legitimate connections made via an application designed to provide visibility and system management capabilities to remote IT techs. [FireEye FIN7 Oct 2019]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
RDFSNIFFER (ca4e973c-da15-46a9-8f3a-0b1560c9a783) | Tidal Software | FIN7 (4348c510-50fc-4448-ab8d-c8cededd19ff) | Tidal Groups | 1 |