
Threat Group Cards: A Threat Actor Encyclopedia

Tool: RAINDROP

Names: RAINDROP
Category: Malware
Type: Backdoor, Dropper, Loader, Remote command
Description: (Symantec) Raindrop (Backdoor.Raindrop) is a loader which delivers a payload of Cobalt Strike. Raindrop is very similar to the already documented TEARDROP tool, but there are some key differences between the two. While Teardrop was delivered by the initial SUNBURST backdoor (Backdoor.Sunburst), Raindrop appears to have been used for spreading across the victim's network. Symantec has seen no evidence to date of Raindrop being delivered directly by Sunburst. Instead, it appears elsewhere on networks where at least one computer has already been compromised by Sunburst.
Information: <https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.raindrop>

Last change to this tool card: 23 April 2021


All groups using tool RAINDROP

APT groups

Changed   Name                           Country   Observed
          APT 29, Cozy Bear, The Dukes   Russia    2008-Jul 2021

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
