S0597 GoldFinder

Platforms: 1 | ATT&CK: 14.1 | References: 2

Description

[GoldFinder](https://attack.mitre.org/software/S0597) is a custom HTTP tracer tool written in Go that logs the route a packet takes between a compromised network and a C2 server. It can be used to inform threat actors of potential points of discovery or logging of their actions, including C2 related to other malware. [GoldFinder](https://attack.mitre.org/software/S0597) was discovered in early 2021 during an investigation into the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024) by [APT29](https://attack.mitre.org/groups/G0016). (Citation: MSTIC NOBELIUM Mar 2021)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Group | APT29 (g0016) | 95% | live |

References

  1. https://attack.mitre.org/software/S0597
  2. https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. GoldMax (Software)
  2. Raindrop (Software)
  3. SUNSPOT (Software)
  4. ConnectWise (Software)
  5. BloodHound (Software)
  6. Tomiris (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.