SYMBOLCOMMON_NAMEaka. SYNONYMS
win.raindrop (Back to overview)

Raindrop

Actor(s): UNC2452

Raindrop is a loader for Cobalt Strike that was observed in the SolarWinds attack.

References
2022-07-31BushidoToken BlogBushidoToken
@online{bushidotoken:20220731:space:636e570, author = {BushidoToken}, title = {{Space Invaders: Cyber Threats That Are Out Of This World}}, date = {2022-07-31}, organization = {BushidoToken Blog}, url = {https://blog.bushidotoken.net/2022/07/space-invaders-cyber-threats-that-are.html}, language = {English}, urldate = {2022-08-02} } Space Invaders: Cyber Threats That Are Out Of This World
Poison Ivy Raindrop SUNBURST TEARDROP WastedLocker
2022-04-27MandiantMandiant
@online{mandiant:20220427:assembling:a7068b9, author = {Mandiant}, title = {{Assembling the Russian Nesting Doll: UNC2452 Merged into APT29}}, date = {2022-04-27}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc2452-merged-into-apt29}, language = {English}, urldate = {2022-04-29} } Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-10-26KasperskyKaspersky Lab ICS CERT
@techreport{cert:20211026:attacks:6f30d0f, author = {Kaspersky Lab ICS CERT}, title = {{APT attacks on industrial organizations in H1 2021}}, date = {2021-10-26}, institution = {Kaspersky}, url = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-APT-attacks-on-industrial-organizations-in-H1-2021-En.pdf}, language = {English}, urldate = {2021-11-08} } APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy
2021-07-13YouTube ( Matt Soseman)Matt Soseman
@online{soseman:20210713:solarwinds:cb7df1d, author = {Matt Soseman}, title = {{Solarwinds and SUNBURST attacks compromised my lab!}}, date = {2021-07-13}, organization = {YouTube ( Matt Soseman)}, url = {https://www.youtube.com/watch?v=GfbxHy6xnbA}, language = {English}, urldate = {2021-07-21} } Solarwinds and SUNBURST attacks compromised my lab!
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-07-13SymantecThreat Hunter Team
@techreport{team:20210713:attacks:76174fd, author = {Threat Hunter Team}, title = {{Attacks Against the Government Sector}}, date = {2021-07-13}, institution = {Symantec}, url = {https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf}, language = {English}, urldate = {2021-07-20} } Attacks Against the Government Sector
Raindrop TEARDROP
2021-06-01SANSKevin Haley, Jake Williams
@online{haley:20210601:contrarian:6aff18c, author = {Kevin Haley and Jake Williams}, title = {{A Contrarian View on SolarWinds}}, date = {2021-06-01}, organization = {SANS}, url = {https://www.sans.org/webcasts/contrarian-view-solarwinds-119515}, language = {English}, urldate = {2021-06-21} } A Contrarian View on SolarWinds
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-01-18SymantecThreat Hunter Team
@online{team:20210118:raindrop:9ab1262, author = {Threat Hunter Team}, title = {{Raindrop: New Malware Discovered in SolarWinds Investigation}}, date = {2021-01-18}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware}, language = {English}, urldate = {2021-01-21} } Raindrop: New Malware Discovered in SolarWinds Investigation
Cobalt Strike Raindrop SUNBURST TEARDROP
2021SymantecSymantec Threat Hunter Team
@techreport{team:2021:supply:ad422b5, author = {Symantec Threat Hunter Team}, title = {{Supply Chain Attacks:Cyber Criminals Target the Weakest Link}}, date = {2021}, institution = {Symantec}, url = {https://file2.api.drift.com/download/drift-prod-file-uploads/417f%2F417f74ae8ddd24aa7c2b43a23093983f/Supply%20Chain%20Attacks_%20Cyber%20Criminals%20Target%20the%20Weakest%20Link.pdf}, language = {English}, urldate = {2022-02-01} } Supply Chain Attacks:Cyber Criminals Target the Weakest Link
Cobalt Strike Raindrop SUNBURST TEARDROP

There is no Yara-Signature yet.