
JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612)

JumbledPath is a custom-built utility written in Go that has been used by Salt Typhoon since at least 2024 for packet capture on remote Cisco devices. JumbledPath is compiled as an ELF binary for the x86-64 architecture, which makes it potentially usable across Linux operating systems and network devices from multiple vendors.(Citation: Cisco Salt Typhoon FEB 2025)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) | Attack Pattern | JumbledPath - S1206 (05489800-6c6f-4922-a0de-d573b333e612) | Malware | 1 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) | Attack Pattern | 2 |