SUPERNOVA

Malware Profile Updated a month ago
SUPERNOVA is a potent and novel malware, as reported by FireEye during the SolarWinds compromise. It stands out for its in-memory execution, the sophistication of its parameters and execution, and its flexibility: it implements a full programmatic API to the .NET runtime. The malware compiles its parameters on the fly and executes the resulting assembly in memory, differing significantly from other malware in that it takes a valid .NET program as a parameter. Unit 42 of Palo Alto Networks has published an in-depth analysis of the SUPERNOVA webshell. The impact of SUPERNOVA has been likened to a storm hitting Estonia on election day and paralyzing its energy system, or to a neutron bomb exploding on a train arriving at the Main Railway Station; its potency and ability to disrupt systems have drawn comparisons to catastrophic events.

Despite its destructive potential, the name SUPERNOVA is also associated with positive ventures such as Africa's most coveted and valuable startup pitch competition, the Supernova Challenge, where innovative companies compete for a prize pool of USD$100,000 across six categories. The term "Supernova" is used in other, unrelated contexts as well. Generac, a company with over 60 years of experience distributing energy resilience devices, uses the name for its DC fast charger, which forms part of Wallbox's technology offering. Software and game developer Stardock named its new release "Galactic Civilizations IV: Supernova", priced at $49.99. The term has also been linked to tragic events, such as the massacre at the Supernova Music Festival in Kibbutz Re'im, where over 1,300 people were killed.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes) and profile description:

SUNBURST (2 votes)
  Sunburst is a highly sophisticated malware that infiltrated the SolarWinds Orion platform, an event that came to light in late 2020. The malware was embedded into the system as early as January 2019, evading detection for almost two years. The campaign was attributed to Russia's Foreign Intelligence

SolarWinds Compromise (1 vote)
  The SolarWinds compromise, a highly sophisticated cyber attack campaign, was first brought to light by FireEye in December 2020. The attackers leveraged a supply chain vulnerability in the SolarWinds Orion software, installing a malicious backdoor known as SUNBURST. This allowed them to gain access
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Solarwinds
Net
SolarWinds C...
Webshell
Africa
Spyware
Associated Malware
ID, type, votes and profile description:

No associations to display
Associated Threat Actors
ID, type, votes and profile description:

SolarStorm (type: Unspecified, 1 vote)
  SolarStorm is a threat actor group known for executing actions with malicious intent. Notable among their operations was the 2020 attack on SolarWinds Orion software, which was a sophisticated supply-chain attack that compromised the company's software updates, resulting in malware being served to i
Associated Vulnerabilities
ID, type, votes and profile description:

No associations to display
Source Document References
Information about the SUPERNOVA malware was read from the document corpus below. This display is limited to 20 results.

Source | Created | Title
RIA - Information System Authority | a month ago | E-voting is (too) secure
CERT-EU | 4 months ago | GITEX Africa reveal dates for its 2nd edition, to be held in Morocco
MITRE | 7 months ago | SolarStorm Supply Chain Attack Timeline
CERT-EU | 7 months ago | Generac and Wallbox Announce Strategic Investment and Commercial Agreement
CERT-EU | 9 months ago | Various Video Game Stories from the Week of October 16 - Industry News
CERT-EU | 9 months ago | These Israelis are fighting Hamas on the war's emerging 'deepfake' cyberfront
CERT-EU | 9 months ago | 'Dress rehearsal': Hamas practised invasion, published video of drills on mock Israeli village
CERT-EU | 10 months ago | Battling malware in the industrial supply chain - Cybersecurity Insiders
MITRE | a year ago | SUPERNOVA: A Novel .NET Webshell