CISA Identifies SUPERNOVA Malware During Incident Response | CISA
Tags
cmtmf-attack-pattern:
Command And Scripting Interpreter
Masquerading
Supply Chain Compromise
attack-pattern:
Data Models
Archive Collected Data - T1560
Archive Collected Data - T1532
Archive Via Utility - T1560.001
Clear Windows Event Logs - T1070.001
Command And Scripting Interpreter - T1623
Credentials - T1589.001
Exfiltration Over C2 Channel - T1646
Indicator Removal On Host - T1630
Ingress Tool Transfer - T1544
Ip Addresses - T1590.005
Local Data Staging - T1074.001
Lsass Memory - T1003.001
Malware - T1587.001
Malware - T1588.001
Masquerading - T1655
Match Legitimate Name Or Location - T1036.005
Match Legitimate Name Or Location - T1655.001
Process Discovery - T1424
Multi-Factor Authentication - T1556.006
Powershell - T1059.001
Private Keys - T1552.004
Remote Desktop Protocol - T1021.001
Rename System Utilities - T1036.003
Server - T1583.004
Server - T1584.004
Server Software Component - T1505
Smb/Windows Admin Shares - T1021.002
Software - T1592.002
Supply Chain Compromise - T1474
Web Shell - T1505.003
Unsecured Credentials - T1552
Tool - T1588.002
Command-Line Interface - T1059
Credential Dumping - T1003
Data Staged - T1074
Deobfuscate/Decode Files Or Information - T1140
Exfiltration Over Command And Control Channel - T1041
External Remote Services - T1133
Indicator Removal On Host - T1070
Remote File Copy - T1105
Masquerading - T1036
Powershell - T1086
Private Keys - T1145
Process Discovery - T1057
Remote Desktop Protocol - T1076
Remote Services - T1021
Supply Chain Compromise - T1195
Windows Management Instrumentation - T1047
Valid Accounts - T1078
Web Shell - T1100
External Remote Services
Indicator Removal On Host
Masquerading
Supply Chain Compromise
Valid Accounts
Common Information
Type Value
UUID ee6097ee-3efd-4910-82b5-0c6f907af206
Fingerprint 49b2d954a3ec6a4
Analysis status DONE
Considered CTI value 2
Text language
Published April 22, 2021, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Analysis Report (AR21-112A)
Title CISA Identifies SUPERNOVA Malware During Incident Response | CISA
Detected Hints/Tags/Attributes 96/2/33
Attributes
Details Type #Events CTI Value
Details CVE 21
cve-2021-22893
Details CVE 11
cve-2020-10148
Details File 27
procdump.exe
Details File 1
splunklogger.exe
Details File 1
c:\inetpub\solarwinds\ja\license.txt
Details File 1
solarwindsbusinesslayer.exe
Details File 89
wininit.exe
Details File 1
c:\windows\temp\ts_85et.tmp
Details File 2126
cmd.exe
Details File 1
c:\windows\temp\wininit.exe
Details File 1
c:\windows\temp\ts_9d3c.tmp
Details File 47
winrar.exe
Details File 1
c:\windows\temp\googleupdate.tmp
Details IPv4 1
207.89.9.153
Details IPv4 1
24.140.28.90
Details IPv4 1
24.117.18.111
Details MITRE ATT&CK Techniques 191
T1133
Details MITRE ATT&CK Techniques 306
T1078
Details MITRE ATT&CK Techniques 460
T1059.001
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 492
T1105
Details MITRE ATT&CK Techniques 104
T1505.003
Details MITRE ATT&CK Techniques 26
T1552.004
Details MITRE ATT&CK Techniques 32
T1036.003
Details MITRE ATT&CK Techniques 173
T1003.001
Details MITRE ATT&CK Techniques 49
T1074.001
Details MITRE ATT&CK Techniques 422
T1041
Details MITRE ATT&CK Techniques 92
T1070.001
Details MITRE ATT&CK Techniques 139
T1021.002
Details MITRE ATT&CK Techniques 310
T1047
Details MITRE ATT&CK Techniques 433
T1057
Details MITRE ATT&CK Techniques 183
T1036.005
Details MITRE ATT&CK Techniques 116
T1560.001