SUPERNOVA
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | SUPERNOVA had to receive an HTTP GET request containing a specific set of parameters in order to execute. (Citation: Guidepoint SUPERNOVA Dec 2020)(Citation: Unit42 SUPERNOVA Dec 2020)
Enterprise | T1036.005 | Masquerading: Match Legitimate Name or Location | SUPERNOVA has masqueraded as a legitimate SolarWinds DLL. (Citation: Guidepoint SUPERNOVA Dec 2020)(Citation: Unit42 SUPERNOVA Dec 2020)
Enterprise | T1505.003 | Server Software Component: Web Shell | SUPERNOVA is a Web shell. (Citation: Unit42 SUPERNOVA Dec 2020)(Citation: Guidepoint SUPERNOVA Dec 2020)(Citation: CISA Supernova Jan 2021)
References
- Riley, W. (2020, December 1). SUPERNOVA SolarWinds .NET Webshell Analysis. Retrieved February 18, 2021.
- Tennis, M. (2020, December 17). SUPERNOVA: A Novel .NET Webshell. Retrieved February 22, 2021.
- SolarWinds. (2020, December 24). SolarWinds Security Advisory. Retrieved February 22, 2021.
- CISA. (2021, January 27). Malware Analysis Report (AR21-027A). Retrieved February 22, 2021.
- MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers. Retrieved January 5, 2021.
- Carnegie Mellon University. (2020, December 26). SolarWinds Orion API authentication bypass allows remote command execution. Retrieved February 22, 2021.
- Stoner, J. (2021, January 21). Detecting Supernova Malware: SolarWinds Continued. Retrieved February 22, 2021.