| ID | Votes | Profile Description |
|---|---|---|
| SUNBURST | 2 | Sunburst is a sophisticated malware that has been linked to the Kazuar code, indicating its complexity. It was used in several well-known cyber attack campaigns such as SUNBURST, OilRig, xHunt, DarkHydrus, and Decoy Dog, which employed DNS tunneling techniques for command and control (C2) communicat |
| Beacon | 1 | The attack pattern "beacon" refers to a method used by attackers to maintain persistent access to a compromised system. In this case, the red team successfully installed a persistent beacon on Workstation 2 after one user triggered their payload. The attackers utilized an HTTPS Cobalt Strike Beacon, |
| Cobalt Strike Beacon | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| Solorigate | 1 | Solorigate, also known as SUNBURST, is a sophisticated malware that was used in a series of cyberattacks in 2021. The malware was discovered to have been implanted into the SolarWinds Orion software through a supply-chain compromise, which Microsoft initially dubbed as "Solorigate". This allowed the |
| Mamadogs | 1 | None |
| Crimsonbox | 1 | None |
| Raindrop | 1 | Raindrop is a type of malware discovered during the Solorigate investigation, along with other malicious software such as TEARDROP, SUNBURST, and various custom loaders for the Cobalt Strike beacon. These malware types, including Raindrop, are likely generated using custom Artifact Kit templates. Ra |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| GoldMax | Unspecified | 2 | GoldMax is a sophisticated malware, initially discovered to target Windows platforms with the earliest identified timestamp indicating a compilation in May 2020. The malicious software was designed by threat actors to exploit and damage computer systems, often infiltrating without the user's knowled |
| Sibot | Unspecified | 1 | Sibot is a malware that operates as a dual-purpose VBScript, designed to achieve persistence on an infected machine and then download and execute payloads from a remote C2 server. It reaches out to a compromised website to download a DLL to a folder under System32. Malware is harmful software capabl |
| SUNSPOT | Unspecified | 1 | Sunspot is a sophisticated and novel malware associated with the SolarWinds intrusion that occurred in December 2020. This malicious software, linked to COZY BEAR (also known as APT29 or "The Dukes"), infiltrates systems undetected, often through suspicious downloads, emails, or websites. Once insid |
| NativeZone | Unspecified | 1 | NativeZone is a malware identified as a custom Cobalt Strike Beacon loader. This malicious software was dubbed NativeZone by Microsoft and is typically loaded and executed through rundll32.exe to deliver follow-on payloads. The malware uses DLL files, such as Document.dll and NativeCacheSvc.dll, and |
| trojan:win64/solorigate.sa!dha | Unspecified | 1 | None |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| StellarParticle | Unspecified | 1 | StellarParticle, a threat actor associated with the COZY BEAR adversary group, has been identified as a significant cybersecurity risk by CrowdStrike. StellarParticle is known for its extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and it has |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| NOBELIUM | Unspecified | 1 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| MITRE | 7 months ago | Assembling the Russian Stacking Doll: UNC2452 Merged into APT29 |
| MITRE | 7 months ago | SolarStorm Supply Chain Attack Timeline |
| Malwarebytes | a year ago | Microsoft Teams used in phishing campaign to bypass multi-factor authentication |
| MITRE | a year ago | New sophisticated email-based attack from NOBELIUM - Microsoft Security Blog |
| MITRE | a year ago | Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | Mandiant |
| MITRE | a year ago | SUNSPOT Malware: A Technical Analysis | CrowdStrike |
| MITRE | a year ago | GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence - Microsoft Security Blog |
| MITRE | a year ago | Breaking down NOBELIUM’s latest early-stage toolset - Microsoft Security Blog |
| MITRE | a year ago | Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop - Microsoft Security Blog |
| MITRE | a year ago | Raindrop: New Malware Discovered in SolarWinds Investigation |
| MITRE | a year ago | FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor - Microsoft Security Blog |
| MITRE | a year ago | Security Advisory | SolarWinds |
| CERT-EU | a year ago | Liaison : la série avec Vincent Cassel et Eva Green est le premier raté d'AppleTV+ |