Malware: SUPERNOVA

Description

[SUPERNOVA](https://attack.mitre.org/software/S0578) is an in-memory web shell written in .NET C#. It was discovered in November 2020 during the investigation of [APT29](https://attack.mitre.org/groups/G0016)'s SolarWinds cyber operation but determined to be unrelated. Subsequent analysis suggests [SUPERNOVA](https://attack.mitre.org/software/S0578) may have been used by the China-based threat group SPIRAL.(Citation: Guidepoint SUPERNOVA Dec 2020)(Citation: Unit42 SUPERNOVA Dec 2020)(Citation: SolarWinds Advisory Dec 2020)(Citation: CISA Supernova Jan 2021)(Citation: Microsoft Analyzing Solorigate Dec 2020)

External References

• mitre-attack
• CISA Supernova Jan 2021
• Microsoft Analyzing Solorigate Dec 2020
• Guidepoint SUPERNOVA Dec 2020
• SolarWinds Advisory Dec 2020
• Unit42 SUPERNOVA Dec 2020

Techniques Used by This Malware

• T1027.013 — Encrypted/Encoded File
• T1036.005 — Match Legitimate Resource Name or Location
• T1071.001 — Web Protocols
• T1203 — Exploitation for Client Execution
• T1505.003 — Web Shell