Donut (40d25a38-91f4-4e07-bb97-8866bed8e44f)
Donut is an open source framework used to generate position-independent shellcode.[Donut Github][Introducing Donut] Donut generated code has been used by multiple threat actors to inject and load malicious payloads into memory.[NCC Group WastedLocker June 2020]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Indrik Spider (3c7ad595-1940-40fc-b9ca-3e649c1e5d87) | Tidal Groups | Donut (40d25a38-91f4-4e07-bb97-8866bed8e44f) | Tidal Software | 1 |