RAINDROP

Description

(Symantec) Raindrop (Backdoor.Raindrop) is a loader which delivers a payload of Cobalt Strike. Raindrop is very similar to the already documented TEARDROP tool, but there are some key differences between the two. While Teardrop was delivered by the initial SUNBURST backdoor (Backdoor.Sunburst), Raindrop appears to have been used for spreading across the victim’s network. Symantec has seen no evidence to date of Raindrop being delivered directly by Sunburst. Instead, it appears elsewhere on networks where at least one computer has already been compromised by Sunburst.

Names

Name
RAINDROP

Type

Backdoor
Dropper
Loader
Remote command

Information

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware

Mitre Attack

https://attack.mitre.org/software/S0565/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.raindrop

Other Information

Uuid

122be2b4-0bc3-41f3-8154-b21db01f7a01

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

RAINDROP

RAINDROP

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks