05-03-2021, 11:39 AM
Two technical articles from FireEye and Microsoft that discuss similar attacks and their relation to the SolarWinds attack.
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/