| Field | Value |
| --- | --- |
| Names | RAINDROP |
| Category | Malware |
| Type | Backdoor, Dropper, Loader, Remote command |
| Description | (Symantec) Raindrop (Backdoor.Raindrop) is a loader which delivers a payload of Cobalt Strike. Raindrop is very similar to the already documented TEARDROP tool, but there are some key differences between the two. While Teardrop was delivered by the initial SUNBURST backdoor (Backdoor.Sunburst), Raindrop appears to have been used for spreading across the victim's network. Symantec has seen no evidence to date of Raindrop being delivered directly by Sunburst. Instead, it appears elsewhere on networks where at least one computer has already been compromised by Sunburst. |
| Information | <https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware> |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0565/> |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.raindrop> |
Last change to this tool card: 30 December 2022
APT groups using this tool:

| Changed | Name | Country | Observed |
| --- | --- | --- | --- |
| | APT 29, Cozy Bear, The Dukes | | 2008-Jun 2024 |

1 group listed (1 APT, 0 other, 0 unknown)