win.solarmarker

solarmarker

aka: Jupyter, Polazert, Yellow Cockatoo

Unit 42 reports identifying a new version of SolarMarker, a malware family known for its infostealing and backdoor capabilities. It is mainly delivered through search engine optimization (SEO) manipulation, which lures users into downloading malicious documents.

Some of SolarMarker’s capabilities include the exfiltration of auto-fill data, saved passwords and saved credit card information from victims’ web browsers. Besides capabilities typical for infostealers, SolarMarker has additional capabilities such as file transfer and execution of commands received from a C2 server.

The malware invests significant effort into defense evasion, using techniques such as signed files, very large files, impersonation of legitimate software installations and obfuscated PowerShell scripts.

References

Each entry lists the publication date, the publishing organization, the author(s), the title, and the malware families the reference is tagged with.

2023-11-06 | VMWare Carbon Black | Abe Schneider, Alan Ngo, Bria Beathley, Swee Lai Lee
  Jupyter Rising: An Update on Jupyter Infostealer
  Families: solarmarker

2023-06-08 | Twitter (@embee_research) | Embee_research
  Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries
  Families: Amadey, AsyncRAT, Cobalt Strike, QakBot, Quasar RAT, Sliver, solarmarker

2023-02-26 | Proofpoint | Andrew Northern
  TA569: SocGholish and Beyond
  Families: FAKEUPDATES, RedLine Stealer, solarmarker

2022-09-27 | Squiblydoo | Squiblydoo
  Solarmarker: The Old is New
  Families: solarmarker

2022-04-27 | eSentire | eSentire Threat Response Unit (TRU)
  eSentire Threat Intelligence Malware Analysis: SolarMarker
  Families: solarmarker

2022-04-15 | Center for Internet Security | CIS
  Top 10 Malware March 2022
  Families: Mirai, Shlayer, Agent Tesla, Ghost RAT, Nanocore RAT, SectopRAT, solarmarker, Zeus

2022-04-08 | Palo Alto Networks Unit 42 | Inbal Shalev, Irena Damsky, Shimi Cohen
  New SolarMarker (Jupyter) Campaign Demonstrates the Malware's Changing Attack Patterns
  Families: solarmarker

2022-02-01 | Sophos | Gabor Szappanos, Sean Gallagher
  SolarMarker campaign used novel registry changes to establish persistence
  Families: solarmarker

2022-01-13 | Blackberry | The BlackBerry Research & Intelligence Team
  Threat Thursday: Jupyter Infostealer is a Master of Disguise
  Families: solarmarker

2021-10-28 | PRODAFT Threat Intelligence | PRODAFT
  Solarmarker In-Depth Analysis
  Families: solarmarker

2021-09-21 | Morphisec | Nadav Lorber
  New Jupyter Evasive Delivery through MSI Installer
  Families: solarmarker

2021-08-09 | Minerva Labs | Minerva Labs
  Thwarting Jupyter Stealer
  Families: solarmarker

2021-07-29 | Talos Intelligence | Andrew Windsor, Chris Neal
  Talos Spotlight: Solarmarker
  Families: solarmarker

2021-07-16 | Binary Defense | Binary Defense
  Mars-Deimos: From Jupiter to Mars and Back again (Part Two)
  Families: solarmarker

2021-07-06 | Binary Defense | Binary Defense
  Mars-Deimos: SolarMarker/Jupyter Infostealer (Part 1)
  Families: solarmarker

2021-06-20 | Squiblydoo | Squiblydoo
  Mars-Deimos: From Jupiter to Mars and Back again (Part Two)
  Families: solarmarker

2021-06-11 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
  Tweet on solarmarker/Jupyter malware
  Families: solarmarker

2021-04-13 | eSentire | eSentire
  Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire
  Families: solarmarker

2021-02-08 | CrowdStrike | Seb Walla, Tom Henry, Tom Simpson
  Blocking SolarMarker Backdoor
  Families: solarmarker

2020-12-20 | Security Magic | Security Magic
  Tracking Jupyter Malware
  Families: solarmarker

2020-11-12 | Morphisec | Arnold Osipov
  Threat Profile: JUPYTER INFOSTEALER
  Families: solarmarker

There is no YARA signature yet.