S0562 SUNSPOT

Platforms: 1 · ATT&CK: 14.1 · References: 2

Description

[SUNSPOT](https://attack.mitre.org/software/S0562) is an implant that injected the [SUNBURST](https://attack.mitre.org/software/S0559) backdoor into the SolarWinds Orion software update framework. It was used by [APT29](https://attack.mitre.org/groups/G0016) since at least February 2020. (Citation: CrowdStrike SUNSPOT Implant January 2021)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|-------|-------------|------------|------|
| Group | APT29 g0016 | 95% | live |

References

  1. https://attack.mitre.org/software/S0562
  2. https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Software: SUNBURST
  - Software: TEARDROP
  - Software: Raindrop
  - Campaign: SolarWinds Compromise
  - Software: GoldMax
  - Software: Sibot

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.