GooseEgg (f9c32a11-964c-4480-968b-e520b8c7b26e)
GooseEgg is a custom tool developed by the Russian espionage group Forest Blizzard for privilege escalation and credential access. GooseEgg exploits CVE-2022-38028, a vulnerability in the Windows Print Spooler service. Researchers describe the tool as a "simple" launcher application, but a range of subsequent post-exploitation actions are possible, including remote code execution, backdoor deployment, and lateral movement within the compromised network. [Microsoft Security Blog 4 22 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
GooseEgg (f9c32a11-964c-4480-968b-e520b8c7b26e) | Tidal Software | APT28 (5b1a5b9e-4722-41fc-a15d-196a549e3ac5) | Tidal Groups | 1 |