S0565 Raindrop

Platforms: 1 · ATT&CK: 14.1 · References: 3

Description

[Raindrop](https://attack.mitre.org/software/S0565) is a loader used by [APT29](https://attack.mitre.org/groups/G0016) that was discovered on some victim machines during investigations related to the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024). It was discovered in January 2021 and was likely used since at least May 2020.(Citation: Symantec RAINDROP January 2021)(Citation: Microsoft Deep Dive Solorigate January 2021)

Platforms (1)

Windows

Attributed to (1)

| Type  | Target        | Confidence | Tier |
|-------|---------------|------------|------|
| Group | APT29 (G0016) | 95%        | live |

References

  1. https://attack.mitre.org/software/S0565
  2. https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
  3. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - TEARDROP (Software)
  - SUNBURST (Software)
  - RainyDay (Software)
  - SUNSPOT (Software)
  - VaporRage (Software)
  - SoreFang (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.