Solarmarker

Malware updated 7 months ago (2024-11-29T14:25:42.638Z)
SolarMarker, also known as Yellow Cockatoo, Polazert, and Jupyter Infostealer, is an information-stealing malware family that has been under development since 2020 and has been used in campaigns since 2021. It relies heavily on web delivery: search engine optimization (SEO) tricks lure targets to pages that serve the malicious payload. In 2022 SolarMarker was used in an "SEO poisoning" campaign, a sign of how far its delivery operations had matured.

The core of SolarMarker's operations is a layered infrastructure made up of two clusters: a primary cluster for active operations and a secondary one likely used to test new strategies or to target specific industries or regions. This multi-tiered structure lets the operators adapt and evolve, which makes the malware harder to detect and mitigate. The payloads are signed with Authenticode certificates so they appear legitimate, and they are delivered in large zip files to slip past antivirus scanning.

Beyond its own campaigns, SolarMarker has been used alongside other malicious toolkits and malware families. It was dropped as part of the Domen toolkit and sczriptzzbn campaigns, which led to deployment of the NetSupport Remote Access Tool (RAT), and a HIVE SPIDER affiliate used it in a January 2023 attack against a telecommunications sector entity.

To defend against SolarMarker, enforce application allow-lists so that downloaded files which look legitimate but carry malware cannot execute even when a user opens them.
Description last updated: 2024-07-09T13:17:50.426Z
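The description notes that SolarMarker hides signed payloads inside oversized zip downloads so that scanners skip them. The script below is an added example, not code from the page or from any SolarMarker report: it triages a downloaded archive for that pattern, flagging executable content (including double extensions such as .pdf.exe) combined with either a member or archive larger than an assumed scan-size limit or a member that is mostly a single repeated byte (padding). The extension list, the 64 MiB default limit, the 90% filler threshold, and the sample archives it builds are all constructed assumptions for illustration; the real scan-size cutoff is product-specific and should be set to match the scanner in use.

```python
import io
import os
import zipfile
from collections import Counter

# Extensions that should not appear inside a "document" download.
# This list is the example's own assumption, not taken from the page.
EXECUTABLE_EXTS = {".exe", ".dll", ".msi", ".scr", ".ps1", ".js", ".vbs", ".bat", ".cmd"}

# Assumed scan-size cutoff. Many scanners skip files above a configurable
# size; the real value is product-specific, so it is a parameter here.
DEFAULT_SIZE_LIMIT = 64 * 1024 * 1024


def _filler_fraction(blob: bytes) -> float:
    """Fraction of the blob occupied by its single most common byte value.

    Padding used to inflate a payload is typically one repeated byte, so a
    fraction near 1.0 marks a member that exists only to add bulk.
    """
    if not blob:
        return 0.0
    _, count = Counter(blob).most_common(1)[0]
    return count / len(blob)


def triage_archive(data: bytes, size_limit: int = DEFAULT_SIZE_LIMIT) -> dict:
    """Inspect a ZIP archive (as bytes) for the oversized-download evasion.

    Returns a report dict; 'suspicious' is True when the archive carries
    executable content AND is either over the scan-size limit (archive or
    any member) or contains a member that is at least 90% repeated filler.
    """
    report = {
        "archive_bytes": len(data),
        "executables": [],
        "filler_members": [],
        "oversized": len(data) > size_limit,
        "suspicious": False,
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # splitext keeps only the final extension, so "x.pdf.exe" -> ".exe"
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTS:
                report["executables"].append(info.filename)
            if info.file_size > size_limit:
                report["oversized"] = True
            if _filler_fraction(zf.read(info)) >= 0.9:
                report["filler_members"].append(info.filename)
    report["suspicious"] = bool(report["executables"]) and (
        report["oversized"] or bool(report["filler_members"])
    )
    return report


def build_sample_archive(malicious: bool, padding_bytes: int = 2 * 1024 * 1024) -> bytes:
    """Constructed test data, not a real sample.

    Both variants hold a small PDF-looking decoy. The malicious variant adds a
    double-extension executable stub and a stored (uncompressed) zero-filled
    member that pushes the archive past a small scan limit.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2023.pdf", b"%PDF-1.4\n% benign decoy content\n", zipfile.ZIP_DEFLATED)
        if malicious:
            # "MZ" header followed by varied bytes so the stub itself is not filler
            zf.writestr("Invoice_2023.pdf.exe", b"MZ" + bytes(range(62)), zipfile.ZIP_DEFLATED)
            zf.writestr("resources/filler.bin", b"\x00" * padding_bytes, zipfile.ZIP_STORED)
    return buf.getvalue()


if __name__ == "__main__":
    # A 1 MiB limit keeps the demo fast; raise it to your scanner's real cutoff.
    for label, flag in (("malicious", True), ("benign", False)):
        print(label, triage_archive(build_sample_archive(flag), size_limit=1024 * 1024))
```

The size check is applied both to the archive as a whole and to each member, because a scanner may enforce its limit on the download or on the extracted file, and an attacker only needs one of the two to be skipped. A flagged archive is a candidate for blocking in a download proxy or for the application allow-list to refuse at execution time; a clean report is not a clearance, since a small, unsigned, unpadded payload passes these checks.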
Aliases: Yellow Cockatoo, Polazert, Jupyter Infostealer (as named in the description above)
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Malware, Backdoor