Skip to content

Hide Navigation Hide TOC

SPAWNSLOTH (2c237974-edc2-460a-90b5-20f699560da3)

SPAWNSLOTH is a log tampering utility injected into the dslogserver process. It can disable logging and disable log forwarding to an external syslog server when the SPAWNSNAIL backdoor is operating.

Cluster A Galaxy A Cluster B Galaxy B Level
SPAWNSLOTH (2c237974-edc2-460a-90b5-20f699560da3) Tool SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor 1
SPAWNSLOTH (2c237974-edc2-460a-90b5-20f699560da3) Tool UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 1
SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) Tool SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor 2
SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) Tool 2
SPAWNSNAIL (de390f3e-c0d1-4c70-b121-a7a98f7326aa) Backdoor UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 2
UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) Threat Actor UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 2
SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) Tool UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 2
SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) Tool UNC5337 (6fcf8d1f-2e68-4982-a579-2ca5595e4990) Threat Actor 2
SPAWNMOLE (6c89c51f-1b97-4966-abc1-9cf526bb2892) Tool SPAWNANT (e6cf28a6-94a9-4aab-b919-ad2f6a7e3b87) Tool 3
ROOTROT (69d0512d-c12a-4e17-a335-deba012a8499) Tool UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) Threat Actor 3
UTA0178 (f288f686-b5b3-4c86-9960-5f8fb18709a3) Threat Actor BRICKSTORM (64a0e3ab-e201-4fdc-9836-85365dfa84bb) Backdoor 3