GoldMax (S0588)
Platforms (2): Windows, Linux
ATT&CK version: 14.1
References: 4
Description
[GoldMax](https://attack.mitre.org/software/S0588) is a second-stage C2 backdoor written in Go with Windows and Linux variants that are nearly identical in functionality. [GoldMax](https://attack.mitre.org/software/S0588) was discovered in early 2021 during the investigation into the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024), and has likely been used by [APT29](https://attack.mitre.org/groups/G0016) since at least mid-2019. [GoldMax](https://attack.mitre.org/software/S0588) uses multiple defense evasion techniques, including avoiding virtualization execution and masking malicious traffic.(Citation: MSTIC NOBELIUM Mar 2021)(Citation: FireEye SUNSHUTTLE Mar 2021)(Citation: CrowdStrike StellarParticle January 2022)
Attributed to (1)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Group | APT29 (G0016) | 100% | live |
References
- https://attack.mitre.org/software/S0588
- https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
- https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
- https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html