TEARDROP

Malware & Tools · TEARDROP

· MalwareS0560 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

TEARDROP is a memory-only dropper that was discovered on some victim machines during investigations related to the SolarWinds Compromise. It was likely used by APT29 since at least May 2020.(Citation: FireEye SUNBURST Backdoor December 2020)(Citation: Microsoft Deep Dive Solorigate January 2021)

Tactic Coverage

stealth (3)persistence (2)discovery (1)defense impairment (1)privilege escalation (1)

Used By (1 groups)

G0016APT29IRON RITUAL, IRON HEMLOCK

Techniques (6)

T1012Query Registry

discovery

T1027Obfuscated Files or Information

stealth

T1036.005Match Legitimate Resource Name or Location

stealth

T1112Modify Registry

defense impairmentpersistence

T1140Deobfuscate/Decode Files or Information

stealth

T1543.003Windows Service

persistenceprivilege escalation

References

https://attack.mitre.org/software/S0560 https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/