TEARDROP is a memory-only dropper that was discovered on some victim machines during investigations related to the 2020 SolarWinds supply-chain intrusion. It was likely used by UNC2452 since at least May 2020.
Created: 06 January 2021
Last Modified: 25 January 2021
Techniques Used

| Domain | ID | Sub-technique | Name |
|---|---|---|---|
| Enterprise | T1543 | .003 | Create or Modify System Process: Windows Service |
| Enterprise | T1140 | | Deobfuscate/Decode Files or Information |
| Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location |
| Enterprise | T1027 | | Obfuscated Files or Information |
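The Windows Service and Masquerading entries above (T1543.003 and T1036.005) describe a dropper that is registered as a service and hides behind a legitimate-looking file name or location. The following hunt script is an added example written for this page, not code from MITRE ATT&CK or from any of the cited reports: it walks the service registry hive, selects services hosted by svchost.exe, and flags any whose ServiceDll is unsigned, missing, or outside the System32 directory. The "outside System32" rule and the treatment of a missing file as suspicious are assumptions for illustration, not TEARDROP indicators taken from the page.

```powershell
# Added example (not MITRE's or the cited vendors' code): hunt for svchost-hosted
# services whose ServiceDll looks out of place. Run as Administrator so the
# Parameters subkeys are readable. Paths and rules below are assumptions.
$systemRoot = $env:SystemRoot
$system32   = Join-Path $systemRoot 'System32'
$findings   = @()

Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $svcName   = $_.PSChildName
    $imagePath = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    # Only services that run inside a svchost.exe host process register a ServiceDll.
    if (-not $imagePath -or $imagePath -notmatch 'svchost\.exe') { return }

    $paramsKey  = Join-Path $_.PSPath 'Parameters'
    $serviceDll = (Get-ItemProperty -Path $paramsKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $serviceDll) { return }

    # ServiceDll is usually REG_EXPAND_SZ; expanding again is harmless if it was already expanded.
    $dllPath = [Environment]::ExpandEnvironmentVariables($serviceDll)
    $reasons = @()

    # Assumption: a genuine svchost-hosted service DLL lives under System32.
    if ($dllPath -notlike "$system32\*") { $reasons += 'ServiceDll outside System32' }

    if (Test-Path -LiteralPath $dllPath) {
        $sig = Get-AuthenticodeSignature -FilePath $dllPath
        if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status $($sig.Status)" }
    } else {
        # A registered DLL that is not on disk deserves a look (memory-only or already cleaned up).
        $reasons += 'ServiceDll not present on disk'
    }

    if ($reasons.Count -gt 0) {
        $findings += [pscustomobject]@{
            Service    = $svcName
            ImagePath  = $imagePath
            ServiceDll = $dllPath
            Reason     = ($reasons -join '; ')
        }
    }
}

$findings | Sort-Object Service | Format-Table -AutoSize
```

Expect some noise on a healthy host: catalog-signed OS binaries can report a signature status other than Valid depending on the Windows and PowerShell version, and third-party software legitimately registers svchost-hosted services from outside System32. Baseline a known-good image first and triage the differences rather than treating every hit as malicious.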
Groups That Use This Software

- UNC2452

References

- FireEye. (2020, December 13). Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Retrieved January 4, 2021.
- MSTIC, CDOC, 365 Defender Research Team. (2021, January 20). Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop. Retrieved January 22, 2021.