ID | X0041 |
Type | Dropper |
Aliases | None |
Platforms | Windows |
Year | 2018 |
Associated ATT&CK Software | TEARDROP |
TEARDROP is a memory-only dropper associated with the SolarWinds supply chain compromise.
See ATT&CK: TEARDROP - Techniques Used.
ATT&CK Techniques

Name | Use |
---|---|
Defense Evasion::Obfuscated Files or Information::Encryption-Standard Algorithm (E1027.m05) | Malware decrypts an embedded code buffer using an XOR-based stream cipher. [1] |
Command and Control::Ingress Tool Transfer (E1105) | Malware executes the decrypted, embedded code buffer, which is a Cobalt Strike Remote Access Tool (RAT). [1] |
MBC Behaviors

Name | Use |
---|---|
Anti-Behavioral Analysis::Capture Evasion::Memory-only Payload (B0036.001) | Malware loads its payload into memory. [1] |
[1] https://www.cisa.gov/uscert/ncas/analysis-reports/ar21-039b/