Exploring the Depths of Multi-tiered Infrastructure
May 14, 2024, 1:30 p.m.
Description
This report provides an in-depth analysis of SolarMarker, a highly persistent and evolving malware family. It delves into the malware's evolution since 2020, detailing its functionality, evasion tactics, and targeting strategies. The report also highlights the multi-tiered infrastructure supporting SolarMarker, illustrating the threat actor's resilience and sophistication in swiftly rebuilding and strategically shifting infrastructure to evade detection. Additionally, it outlines the high volume of victims across various sectors, particularly education, healthcare, government, hospitality, and SMEs, emphasizing the widespread impact of this threat.
Date
Published: May 14, 2024, 1:06 p.m.
Created: May 14, 2024, 1:06 p.m.
Modified: May 14, 2024, 1:30 p.m.
Indicators
Attack Patterns
SolarPhantom
SolarMarker
T1584.004
T1583.001
T1583.004
T1583.003
T1573.002
T1573.001
T1583
T1059.001
T1566.002
T1547.001
T1012
T1189
T1071.001
T1082
T1105
T1112
Additional Information
Hospitality
Healthcare
Education
Government
British Indian Ocean Territory
Nigeria
Bulgaria
India
Canada
Japan
Germany
United Kingdom of Great Britain and Northern Ireland
United States of America
Russian Federation