PitDog (dbfd1b38-f599-4c8a-bc08-4b9e4afff105)
PitDog is a malicious SparkGateway plugin that uses Kubo Injector to insert a shared object into the web process's memory, giving a backdoor persistent execution. It is activated during RDP connection negotiation, when the gateway invokes the Handshake plugin: the getHandshakePlugin() method starts a new thread from a Runnable that calls SparkPlugin.watchdog() every ten seconds. This keeps the malicious watchdog method running without disrupting SparkGateway's normal operation and serves as the plugin's persistence mechanism. [Mandiant Cutting Edge Part 3 February 2024]
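The persistence pattern above (a handshake-plugin hook that spawns a thread calling watchdog() on a timer) leaves recognisable strings in the compiled plugin class, because method and class names sit in the class file's constant pool. The Python script below is an added hunting example, not code from this entry or from the Mandiant report: it opens a SparkGateway plugin JAR, parses the constant pool of every .class entry, and flags classes that reference all three of getHandshakePlugin, watchdog and java/lang/Thread. The indicator set is a heuristic derived from the description, the sample JAR and class names are constructed for the example, and the assumption that plugins ship as JARs of Java classes is the example's own; the entry publishes no hashes or paths, so treat the result as a lead, not an IOC match.

```python
import io
import struct
import sys
import zipfile

# Payload size (bytes) of every non-Utf8 constant-pool entry, keyed by tag (JVM spec 4.4).
_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
          15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

# Heuristic derived from the behaviour described above. Which strings a real
# PitDog class leaves in its constant pool is an assumption of this example,
# not a published indicator.
INDICATORS = frozenset({"getHandshakePlugin", "watchdog", "java/lang/Thread"})


def utf8_constants(class_bytes):
    """Return the set of CONSTANT_Utf8 strings in a .class file's constant pool.

    Method names, class names and descriptors all live here, so a plugin that
    declares getHandshakePlugin() and touches Thread and watchdog() shows up
    without disassembling any bytecode.
    """
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack(">H", class_bytes[8:10])
    pos, index, strings = 10, 1, set()
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length followed by modified UTF-8 bytes
            (length,) = struct.unpack(">H", class_bytes[pos:pos + 2])
            pos += 2
            strings.add(class_bytes[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        elif tag in _FIXED:
            pos += _FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag} at offset {pos - 1}")
        index += 2 if tag in (5, 6) else 1  # Long and Double occupy two slots
    return strings


def scan_jar(jar_bytes):
    """Map each .class entry that matches every indicator to the strings it matched."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".class"):
                continue
            try:
                matched = INDICATORS & utf8_constants(zf.read(name))
            except ValueError:
                continue  # truncated or non-class entry: skip it, do not abort the hunt
            if matched == INDICATORS:
                hits[name] = matched
    return hits


def _fake_class(this_name, extra_utf8):
    """Build a minimal .class file whose constant pool holds the given strings.

    Constructed test input: the class declares no methods, but its constant pool
    is laid out as the spec requires (Utf8 entries, a Class entry, and a Long to
    exercise the two-slot rule), which is all the scanner inspects.
    """
    names = [this_name, *extra_utf8]
    pool = b"".join(b"\x01" + struct.pack(">H", len(s.encode())) + s.encode() for s in names)
    pool += b"\x07" + struct.pack(">H", 1)  # CONSTANT_Class -> Utf8 #1 (this class)
    pool += b"\x05" + struct.pack(">Q", 0)  # CONSTANT_Long, two slots
    count = len(names) + 4                  # slots used (names + 1 + 2) plus one, per the spec
    header = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, count)
    # access_flags, this_class, super_class, then zero interfaces/fields/methods/attributes
    trailer = struct.pack(">HHHHHHH", 0x0021, len(names) + 1, 0, 0, 0, 0, 0)
    return header + pool + trailer


def build_sample_jar():
    """Constructed plugin JAR: one ordinary handshake plugin, one with the watchdog thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("plugins/BenignHandshake.class",
                    _fake_class("plugins/BenignHandshake",
                                ["getHandshakePlugin", "java/lang/Object"]))
        zf.writestr("plugins/Persist.class",
                    _fake_class("plugins/Persist",
                                ["getHandshakePlugin", "watchdog", "java/lang/Thread",
                                 "java/lang/Runnable", "run", "sleep"]))
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan real plugin JARs named on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, scan_jar(fh.read()))
    else:                  # no arguments: scan the constructed sample JAR
        print(scan_jar(build_sample_jar()))
```

Requiring all three strings keeps a legitimate handshake plugin (which will naturally contain getHandshakePlugin) from matching on its own. The java/lang/Thread requirement assumes the thread is created directly; a variant that schedules the watchdog through an ExecutorService or Timer would carry different class names, so widen the set rather than trust a clean result.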
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
PitDog (dbfd1b38-f599-4c8a-bc08-4b9e4afff105) | Tidal Software | UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd) | Tidal Groups | 1 |