THINSPOOL
Description
(Mandiant) THINSPOOL is a dropper written in shell script that writes the web shell LIGHTWIRE to a legitimate CS file. THINSPOOL will re-add the malicious web shell code to legitimate files after an update, allowing UNC5221 to persist on the compromised devices. THINSPOOL attempts to evade Ivanti’s Integrity Checker, but Mandiant observed that this attempt failed.
Names
| Name |
|---|
| THINSPOOL |
Category
Malware
Type
- Dropper
Information
Other Information
Uuid
135f79b2-1787-46e8-b20b-eaf570ee0f44
Last Card Change
2024-01-17