Microsoft reveals 3 new malware strains used by SolarWinds hackers

Two things from this article. 1. SolarWinds really is the gift that keeps on giving. 2. The rush to attribution at the moment a hack is discovered is foolish. It takes time to uncover what’s really happened…:

According to Microsoft, these malware strains come with the following capabilities:

  • GoldMax: Go-based malware used as a command-and-control backdoor for hiding malicious activity and evading detection. It also has a decoy network traffic generator for concealing malicious network traffic with seemingly benign traffic.
  • Sibot: VBScript-based malware used for maintaining persistence and downloading additional malware payloads using a second-stage script.
  • GoldFinder: Go-based malware “most likely” used as a custom HTTP tracer tool for detecting servers and redirectors like network security devices between the infected devices and C2 server.

Earlier today, FireEye also shared information on another new second-stage backdoor discovered on the servers of an organization compromised by the SolarWinds hackers.

Original Article