Jaguar Tooth (0eb47e25-56ec-42ba-9850-e50450b853e0)

Jaguar Tooth is a malicious software bundle consisting of a series of payloads and patches. Russia-backed APT28 used Jaguar Tooth during a series of compromises involving vulnerable Cisco routers belonging to U.S., Ukrainian, and other entities in 2021.[U.S. CISA APT28 Cisco Routers April 18 2023]

According to an April 2023 UK National Cyber Security Centre technical report on Jaguar Tooth, the malware is deployed and executed via exploitation of CVE-2017-6742, a Simple Network Management Protocol (SNMP) vulnerability for which Cisco released a patch in 2017. Jaguar Tooth deployments allowed actors to collect further device information via execution of Cisco IOS Command Line Interface commands, discover other network devices, and achieve unauthenticated backdoor access to victim systems.[UK NCSC Jaguar Tooth April 18 2023]

Related Vulnerabilities: CVE-2017-6742[U.S. CISA APT28 Cisco Routers April 18 2023]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| APT28 (5b1a5b9e-4722-41fc-a15d-196a549e3ac5) | Tidal Groups | Jaguar Tooth (0eb47e25-56ec-42ba-9850-e50450b853e0) | Tidal Software | 1 |