SUPERNOVA

Malware updated 6 months ago (2024-06-05T14:17:41.019Z)
SUPERNOVA is a potent and novel malware, as reported by FireEye during the SolarWinds compromise. It stands out due to its in-memory execution, sophistication in parameters and execution, and flexibility by implementing a full programmatic API to the .NET runtime. This malware compiles parameters on the fly and executes the resulting assembly in-memory, which differs significantly from other malware in that it takes a valid .NET program as a parameter. Unit 42 of Palo Alto Networks has published an in-depth analysis of the SUPERNOVA webshell.

The impact of SUPERNOVA can be likened to a storm hitting Estonia on the day of elections and paralyzing our energy system, or the explosion of a neutron bomb on a train arriving at the Main Railway Station. The malware's potency and ability to disrupt systems have drawn comparisons to catastrophic events.

Despite its destructive potential, the name SUPERNOVA has also been associated with positive ventures such as Africa’s most coveted and valuable startup pitch competition, the Supernova Challenge, where innovative companies compete for a prize pool of USD$100,000 across six categories. In other unrelated contexts, the term "Supernova" has been used in various industries. Generac, a company with over 60 years of experience distributing energy resilience devices, uses the name for its DC fast charger, which forms part of Wallbox's technology offering. Additionally, software and game developer Stardock named their new release "Galactic Civilizations IV: Supernova", priced at $49.99. Unfortunately, the term has also been linked to tragic events, such as the massacre that took place at the Supernova Music Festival in Kibbutz Re’im where over 1,300 people were killed.
Description last updated: 2024-06-05T13:24:36.934Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description (Votes)
SUNBURST is a possible alias for SUPERNOVA. Sunburst is a sophisticated malware that was detected in a major supply chain attack in December 2020. The Sunburst backdoor has been tied to Kazuar, another malicious software, due to code resemblance, indicating its high level of complexity. This malware infiltrates systems, often without the user
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the SUPERNOVA Malware was read from the documents corpus below.