S0578 SUPERNOVA

Description

[SUPERNOVA](https://attack.mitre.org/software/S0578) is an in-memory web shell written in .NET C#. It was discovered in November 2020 during the investigation of [APT29](https://attack.mitre.org/groups/G0016)'s SolarWinds cyber operation but determined to be unrelated. Subsequent analysis suggests [SUPERNOVA](https://attack.mitre.org/software/S0578) may have been used by the China-based threat group SPIRAL.(Citation: Guidepoint SUPERNOVA Dec 2020)(Citation: Unit42 SUPERNOVA Dec 2020)(Citation: SolarWinds Advisory Dec 2020)(Citation: CISA Supernova Jan 2021)(Citation: Microsoft Analyzing Solorigate Dec 2020)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0578
  2. https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
  3. https://unit42.paloaltonetworks.com/solarstorm-supernova/
  4. https://www.solarwinds.com/sa-overview/securityadvisory
  5. https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a
  6. https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Actor: BRONZE SPIRAL
  - Software: GoldMax
  - Software: SUNBURST
  - Software: SUNSPOT
  - Software: TEARDROP
  - Software: Sibot

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.