Exploring the Depths of Multi-tiered Infrastructure

May 14, 2024, 1:30 p.m.

Description

This report provides an in-depth analysis of SolarMarker, a highly persistent and evolving malware family. It delves into the malware's evolution since 2020, detailing its functionality, evasion tactics, and targeting strategies. The report also highlights the multi-tiered infrastructure supporting SolarMarker, illustrating the threat actor's resilience and sophistication in swiftly rebuilding and strategically shifting infrastructure to evade detection. Additionally, it outlines the high volume of victims across various sectors, particularly education, healthcare, government, hospitality, and SMEs, emphasizing the widespread impact of this threat.

Date

  • Created: May 14, 2024, 1:06 p.m.
  • Published: May 14, 2024, 1:06 p.m.
  • Modified: May 14, 2024, 1:30 p.m.

Indicators


Attack Patterns

  • SolarPhantom
  • SolarMarker
  • T1584.004
  • T1583.001
  • T1583.004
  • T1583.003
  • T1573.002
  • T1573.001
  • T1583
  • T1059.001
  • T1566.002
  • T1547.001
  • T1012
  • T1189
  • T1071.001
  • T1082
  • T1105
  • T1112

Additional Information

  • Hospitality
  • Healthcare
  • Education
  • Government
  • British Indian Ocean Territory
  • Nigeria
  • Bulgaria
  • India
  • Canada
  • Japan
  • Germany
  • United Kingdom of Great Britain and Northern Ireland
  • United States of America
  • Russian Federation