Raindrop is a loader used by UNC2452 that was discovered on some victim machines during investigations related to the 2020 SolarWinds cyber intrusion. It was discovered in January 2021 and was likely used since at least May 2020.
Created: 19 January 2021
Last Modified: 25 January 2021
| Domain | ID | Sub-technique | Name |
|---|---|---|---|
| Enterprise | T1140 | | Deobfuscate/Decode Files or Information |
| | | .005 | Match Legitimate Name or Location |
| Enterprise | T1027 | | Obfuscated Files or Information |
| Enterprise | T1497 | .003 | Virtualization/Sandbox Evasion: Time Based Evasion |
Groups That Use This Software