AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)

AcidPour is a variant of AcidRain designed to impact a wider range of x86 Linux devices. AcidPour is an x86 ELF binary that expands on the devices and locations targeted by AcidRain by adding items such as Unsorted Block Image (UBI), Device Mapper (DM), and various flash memory references. Because of this expanded targeting, AcidPour can impact a variety of device types, including IoT, networking, and ICS embedded devices.(Citation: SentinelOne AcidPour 2024) AcidPour is a wiping payload associated with the Sandworm Team threat actor and potentially linked to attacks against Ukrainian internet service providers (ISPs) in 2023.(Citation: CERT-UA TelecomAttack 2023)

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) | Attack Pattern | AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) | Malware | 1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) | Attack Pattern | AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) | Malware | 1
AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) | Attack Pattern | AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) | Malware | 1
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) | Attack Pattern | AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) | Malware | 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) | Malware | 1
AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 1
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) | Attack Pattern | Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) | Attack Pattern | 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2
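The description above names the device classes the wiper reaches for (UBI, Device Mapper, raw flash) and the relationship table pairs Disk Content Wipe (T1561.001) with System Shutdown/Reboot (T1529). The following detection sketch, added here as an example and not code from the page or from any vendor report, turns that into a hunt over Linux auditd records: it flags write-mode opens of raw device nodes by processes outside an allowlist, then escalates when the same PID later issues reboot(2). The /dev naming patterns, the allowlist, the process names and every audit record in SAMPLE_LOG are constructed assumptions; syscall numbers are the real x86_64 and i386 values, which is why the audit arch field is checked first.

```python
import re
from collections import defaultdict

# Device-node classes named in the AcidPour description (UBI, Device Mapper,
# raw flash/MTD) plus ordinary block devices. Assumed standard Linux /dev
# naming, not a target list taken from the sample itself.
TARGET_NODE_PATTERNS = {
    "ubi":   re.compile(r"^/dev/ubi\d+(_\d+)?$"),
    "dm":    re.compile(r"^/dev/(dm-\d+|mapper/[^/]+)$"),
    "mtd":   re.compile(r"^/dev/mtd(block)?\d+$"),
    "block": re.compile(r"^/dev/(sd[a-z]+\d*|vd[a-z]+\d*|mmcblk\d+(p\d+)?|nvme\d+n\d+(p\d+)?)$"),
}

# Hypothetical allowlist of processes that legitimately write raw device nodes.
ALLOWED_WRITERS = {"lvm", "dmsetup", "mkfs.ubifs", "ubiformat", "flashcp"}

# Syscall numbers are ABI specific, so they are keyed by the audit "arch" field.
SYSCALLS = {
    "c000003e": {"open": 2, "openat": 257, "reboot": 169},  # x86_64
    "40000003": {"open": 5, "openat": 295, "reboot": 88},   # i386
}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL_RE = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")


def parse_audit_line(line):
    """Turn one auditd record into a dict of key=value fields (quotes stripped)."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    m = SERIAL_RE.search(line)
    if m:
        fields["serial"] = m.group(1)  # the serial ties SYSCALL and PATH records of one event together
    return fields


def classify_node(path):
    """Return the device class a path belongs to, or None if it is not a target node."""
    for cls, pat in TARGET_NODE_PATTERNS.items():
        if pat.match(path):
            return cls
    return None


def open_flags(sysc, names):
    """Flags argument of open/openat (audit prints args as bare hex), or None for other syscalls."""
    sc = int(sysc.get("syscall", -1))
    if sc == names["open"]:
        return int(sysc.get("a1", "0"), 16)
    if sc == names["openat"]:
        return int(sysc.get("a2", "0"), 16)
    return None


def analyze_audit_log(text, allowed_writers=ALLOWED_WRITERS):
    """Flag write-mode opens of raw device nodes, and a reboot by a process that did so."""
    events = defaultdict(list)
    for line in text.splitlines():
        f = parse_audit_line(line.strip())
        if "serial" in f:
            events[f["serial"]].append(f)

    alerts = []
    writers = {}  # pid -> set of device classes it opened for writing
    for serial in sorted(events, key=int):
        recs = events[serial]
        sysc = next((r for r in recs if r.get("type") == "SYSCALL"), None)
        names = SYSCALLS.get(sysc.get("arch")) if sysc else None
        if names is None:
            continue
        pid, comm = sysc.get("pid"), sysc.get("comm", "?")
        if int(sysc.get("syscall", -1)) == names["reboot"]:
            if pid in writers:  # T1561.001 followed by T1529 from the same process
                alerts.append({"serial": serial, "kind": "wipe_then_reboot", "pid": pid,
                               "comm": comm, "classes": sorted(writers[pid])})
            continue
        flags = open_flags(sysc, names)
        if flags is None or (flags & 3) not in (1, 2):  # O_ACCMODE: O_WRONLY=1, O_RDWR=2
            continue
        for r in recs:
            cls = classify_node(r.get("name", "")) if r.get("type") == "PATH" else None
            if cls and comm not in allowed_writers:
                writers.setdefault(pid, set()).add(cls)
                alerts.append({"serial": serial, "kind": "raw_device_write", "pid": pid,
                               "comm": comm, "path": r["name"], "class": cls,
                               "success": sysc.get("success")})
    return alerts


# Constructed records (not real telemetry): an allowed lvm write to a DM node, an
# unknown binary opening MTD and UBI nodes read-write, a read-only open of /dev/sda
# that must not fire, then reboot(2) from the unknown binary.
SAMPLE_LOG = """
type=SYSCALL msg=audit(1710000000.101:301): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1000 a2=1 a3=0 items=1 ppid=1 pid=4242 uid=0 comm="lvm" exe="/usr/sbin/lvm" key="raw_dev_write"
type=PATH msg=audit(1710000000.101:301): item=0 name="/dev/dm-0" inode=123 dev=00:05 mode=060660 rdev=fd:00 nametype=NORMAL
type=SYSCALL msg=audit(1710000000.202:302): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1000 a2=2 a3=0 items=1 ppid=700 pid=5150 uid=0 comm="updatr" exe="/tmp/updatr" key="raw_dev_write"
type=PATH msg=audit(1710000000.202:302): item=0 name="/dev/mtd0" inode=124 dev=00:05 mode=020600 rdev=5a:00 nametype=NORMAL
type=SYSCALL msg=audit(1710000000.203:303): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7ffd1000 a2=2 a3=0 items=1 ppid=700 pid=5150 uid=0 comm="updatr" exe="/tmp/updatr" key="raw_dev_write"
type=PATH msg=audit(1710000000.203:303): item=0 name="/dev/ubi0_0" inode=125 dev=00:05 mode=020600 rdev=f9:00 nametype=NORMAL
type=SYSCALL msg=audit(1710000000.204:304): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1000 a2=0 a3=0 items=1 ppid=800 pid=6000 uid=0 comm="cat" exe="/usr/bin/cat" key="raw_dev_write"
type=PATH msg=audit(1710000000.204:304): item=0 name="/dev/sda" inode=126 dev=00:05 mode=060660 rdev=08:00 nametype=NORMAL
type=SYSCALL msg=audit(1710000000.300:305): arch=c000003e syscall=169 success=no exit=-1 a0=fee1dead a1=28121969 a2=1234567 a3=0 items=0 ppid=700 pid=5150 uid=0 comm="updatr" exe="/tmp/updatr" key="reboot"
"""

if __name__ == "__main__":
    for alert in analyze_audit_log(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log it reports two raw_device_write alerts (mtd, ubi) and one wipe_then_reboot for PID 5150; the lvm write and the read-only cat are suppressed. In practice the input comes from a watch such as `-w /dev -p w -k raw_dev_write` plus a rule on the reboot syscall, and the allowlist should be built from the device's real firmware-update and volume-management tooling rather than the guesses used here.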