SUPERNOVA

Malware updated 3 months ago (2024-06-05T14:17:41.019Z)
SUPERNOVA is a potent and novel piece of malware, as reported by FireEye during the SolarWinds compromise. It stands out due to its in-memory execution, sophistication in parameters and execution, and flexibility by implementing a full programmatic API to the .NET runtime. This malware compiles parameters on the fly and executes the resulting assembly in-memory, differing significantly from other malware as it takes a valid .NET program as a parameter. Unit 42 of Palo Alto Networks has published an in-depth analysis of the SUPERNOVA webshell.

The impact of SUPERNOVA can be likened to a storm hitting Estonia on the day of elections and paralyzing our energy system, or the explosion of a neutron bomb on a train arriving at the Main Railway Station. The malware's potency and ability to disrupt systems have drawn comparisons to catastrophic events.

Despite its destructive potential, the name SUPERNOVA has also been associated with positive ventures such as Africa's most coveted and valuable startup pitch competition, the Supernova Challenge, where innovative companies compete for a prize pool of USD$100,000 across six categories. In other unrelated contexts, the term "Supernova" has been used in various industries. Generac, a company with over 60 years of experience distributing energy resilience devices, uses the name for its DC fast charger, which forms part of Wallbox's technology offering. Additionally, software and game developer Stardock named their new release "Galactic Civilizations IV: Supernova", priced at $49.99. Unfortunately, the term has also been linked to tragic events, such as the massacre that took place at the Supernova Music Festival in Kibbutz Re'im where over 1,300 people were killed.
Description last updated: 2024-06-05T13:24:36.934Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| SUNBURST | 2 | Sunburst is a sophisticated malware that has been linked to the Kazuar code, indicating its complexity. It was used in several well-known cyber attack campaigns such as SUNBURST, OilRig, xHunt, DarkHydrus, and Decoy Dog, which employed DNS tunneling techniques for command and control (C2) communicat |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the SUPERNOVA Malware was read from the documents corpus below. This display is limited to 20 results.
| Source Link | Created At | Title |
|---|---|---|
| RIA - Information System Authority | 8 months ago | E-voting is (too) secure |
| RIA - Information System Authority | 3 months ago | E-voting is (too) secure |
| CERT-EU | 6 months ago | GITEX Africa reveal dates for its 2nd edition, to be held in Morocco |
| MITRE | 9 months ago | SolarStorm Supply Chain Attack Timeline |
| CERT-EU | 9 months ago | Generac and Wallbox Announce Strategic Investment and Commercial Agreement |
| CERT-EU | a year ago | Various Video Game Stories from the Week of October 16 - Industry News |
| CERT-EU | a year ago | These Israelis are fighting Hamas on the war's emerging 'deepfake' cyberfront |
| CERT-EU | a year ago | 'Dress rehearsal': Hamas practised invasion, published video of drills on mock Israeli village |
| CERT-EU | a year ago | Battling malware in the industrial supply chain - Cybersecurity Insiders |
| MITRE | 2 years ago | SUPERNOVA: A Novel .NET Webshell |