win.raindrop

Raindrop

Actor(s): UNC2452


Raindrop is a loader for Cobalt Strike that was observed in the SolarWinds attack.

References

2021-07-13 - Symantec, Threat Hunter Team: "Attacks Against the Government Sector" (technical report). https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf (accessed 2021-07-20). Families covered: Raindrop, TEARDROP.

2021-07-13 - YouTube (Matt Soseman), Matt Soseman: "Solarwinds and SUNBURST attacks compromised my lab!" (video). https://www.youtube.com/watch?v=GfbxHy6xnbA (accessed 2021-07-21). Families covered: Cobalt Strike, Raindrop, SUNBURST, TEARDROP.

2021-06-01 - SANS, Kevin Haley and Jake Williams: "A Contrarian View on SolarWinds" (webcast). https://www.sans.org/webcasts/contrarian-view-solarwinds-119515 (accessed 2021-06-21). Families covered: Cobalt Strike, Raindrop, SUNBURST, TEARDROP.

2021-01-18 - Symantec, Threat Hunter Team: "Raindrop: New Malware Discovered in SolarWinds Investigation" (blog post). https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware (accessed 2021-01-21). Families covered: Cobalt Strike, Raindrop, SUNBURST, TEARDROP.

There is no YARA signature for this family yet.