S0560Windows

S0560TEARDROP

Platforms
1
ATT&CK
14.1
References
3

Description

[TEARDROP](https://attack.mitre.org/software/S0560) is a memory-only dropper that was discovered on some victim machines during investigations related to the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024). It was likely used by [APT29](https://attack.mitre.org/groups/G0016) since at least May 2020.(Citation: FireEye SUNBURST Backdoor December 2020)(Citation: Microsoft Deep Dive Solorigate January 2021)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupAPT29g001695%live

References

  1. https://attack.mitre.org/software/S0560
  2. https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
  3. https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Raindrop
Software
SUNBURST
Software
SUNSPOT
Software
Kerrdown
Software
GoldMax
Software
RainyDay
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.