Malware: LITTLELAMB.WOOLTEA

Description

[LITTLELAMB.WOOLTEA](https://attack.mitre.org/software/S1121) is a backdoor that was used by UNC5325 during [Cutting Edge](https://attack.mitre.org/campaigns/C0029) to deploy malware on targeted Ivanti Connect Secure VPNs and to establish persistence across system upgrades and patches.(Citation: Mandiant Cutting Edge Part 3 February 2024)

External References

• mitre-attack
• Mandiant Cutting Edge Part 3 February 2024

Techniques Used by This Malware

• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1090 — Proxy
• T1095 — Non-Application Layer Protocol
• T1543 — Create or Modify System Process
• T1554 — Compromise Host Software Binary
• T1573.002 — Asymmetric Cryptography