AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)

AcidRain is an ELF binary targeting modems and routers using MIPS architecture.(Citation: AcidRain JAGS 2022) AcidRain is associated with the ViaSat KA-SAT communication outage that took place during the initial phases of the 2022 full-scale invasion of Ukraine. Analysis indicates overlap with another network device-targeting malware, VPNFilter, associated with Sandworm Team.(Citation: AcidRain JAGS 2022) US and European government sources linked AcidRain to Russian government entities, while Ukrainian government sources linked AcidRain specifically to Sandworm Team.(Citation: AcidRain State Department 2022)(Citation: Vincens AcidPour 2024)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	1
AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	1
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	2