TEARDROP
December 21, 2023
| ID | X0041 |
| Type | Dropper |
| Aliases | None |
| Platforms | Windows |
| Year | 2018 |
| Associated ATT&CK Software | TEARDROP |
TEARDROP is a memory-only dropper associated with the SolarWinds supply chain compromise.
ATT&CK Techniques
See ATT&CK: TEARDROP - Techniques Used.
Enhanced ATT&CK Techniques
| Name | Use |
|---|---|
| Defense Evasion::Obfuscated Files or Information::Encryption-Standard Algorithm (E1027.m05) | Malware decrypts an embedded code buffer using an XOR-based stream cipher. [1] |
| Command and Control::Ingress Tool Transfer (E1105) | Malware executes the decrypted, embedded code buffer, which is a Cobalt Strike Remote Access Tool (RAT). [1] |
MBC Behaviors
| Name | Use |
|---|---|
| Anti-Behavioral Analysis::Capture Evasion::Memory-only Payload (B0036.001) | Malware loads its payload into memory. [1] |
References
[1] https://www.cisa.gov/uscert/ncas/analysis-reports/ar21-039b/