ROOTROT (69d0512d-c12a-4e17-a335-deba012a8499)

ROOTROT is a web shell written in Perl. It is embedded into a legitimate Connect Secure .ttc file, located at /data/runtime/tmp/tt/setcookie.thtml.ttc, by exploiting CVE-2023-46805 and CVE-2024-21887.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) | Threat Actor | ROOTROT (69d0512d-c12a-4e17-a335-deba012a8499) | Tool | 1 |
| BRICKSTORM (64a0e3ab-e201-4fdc-9836-85365dfa84bb) | Backdoor | UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) | Threat Actor | 2 |
| UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) | Threat Actor | UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) | Threat Actor | 2 |
| UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) | Threat Actor | SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) | Tool | 3 |
| SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) | Backdoor | UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) | Threat Actor | 3 |
| SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) | Tool | UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) | Threat Actor | 3 |
| SPAWNSLOTH (2c237974-edc2-460a-90b5-20f699560da3) | Tool | UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) | Threat Actor | 3 |
| SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) | Tool | SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) | Tool | 4 |
| SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) | Backdoor | SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) | Tool | 4 |
| SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) | Backdoor | SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) | Tool | 4 |
| SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) | Backdoor | SPAWNSLOTH (2c237974-edc2-460a-90b5-20f699560da3) | Tool | 4 |