
SolarWinds Malware Arsenal Widens with Raindrop
2021-01-19 16:40

An additional piece of malware, dubbed Raindrop, has been unmasked in the sprawling SolarWinds supply-chain attacks.

Researchers have identified Raindrop as one of the tools used in the follow-on attacks that took place after the initial compromise.

In the second victim, Raindrop installed Cobalt Strike and then executed PowerShell commands intended to install further instances of Raindrop on additional computers in the organization.

Raindrop joins other custom malware that has been documented as being used in the attacks, including the Teardrop tool, which researchers said was delivered by the initial Sunburst backdoor.

Raindrop uses a different custom packer from Teardrop, and, unlike Teardrop, it is not fetched by Sunburst directly, researchers said.

"The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," according to the Symantec analysis.

News URL

https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 102 74 36 245