Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 16:48:48 UTC
Home > List all groups > List all tools > List all groups using tool GLASSTOKEN
 Tool: GLASSTOKEN
Names GLASSTOKEN
Category Malware
Type Backdoor
Description
(Volexity) UTA0178 planted webshells on external-facing web servers in order to grant
persistence to the customer environment. They could then use the webshells to execute
commands on those devices. Only two variations of the same webshell were used in the
attack.
Information
MITRE ATT&CK Last change to this tool card: 19 June 2024
Download this tool card in JSON format
All groups using tool GLASSTOKEN
Changed Name Country Observed
APT groups
 UNC5221, UTA0178 2022-Mar 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=333f8a64-e05f-4c1c-812a-e75c7a32fa7a
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=333f8a64-e05f-4c1c-812a-e75c7a32fa7a
Page 1 of 1