SUPERNOVA

Description

(Palo Alto) In the analysis of the trojanized Orion artifacts, the .NET .dll app_web_logoimagehandler.ashx.b6031896.dll was dubbed SUPERNOVA, but little detail of its operation has been publicly explored. NOTE: The SUPERNOVA webshell’s association with the SolarStorm actors is now questionable due to the aforementioned .dll not being digitally signed, unlike the SUNBURST .dll. This may indicate that the webshell was not implanted early in SolarWinds’ software development pipeline as was SUNBURST, and was instead dropped by a third party. Additionally, GuidePoint Security conducted their own research into SUPERNOVA, with similar conclusions.

Names

Name
SUPERNOVA

Category

Malware

Type

  • Backdoor

Information

Mitre Attack

Malpedia

Other Information

Uuid

d066195c-0a56-41bc-9f4b-b2e8eeda540b

Last Card Change

2022-12-30