GoldFinder (4e8c58c5-443e-4f73-91e9-89146f04e307)
GoldFinder is a custom HTTP tracer tool written in Go that logs the route a packet takes between a compromised network and a C2 server. It can be used to inform threat actors of potential points of discovery or logging of their actions, including C2 related to other malware. GoldFinder was discovered in early 2021 during an investigation into the SolarWinds Compromise by APT29.[MSTIC NOBELIUM Mar 2021]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| GoldFinder (4e8c58c5-443e-4f73-91e9-89146f04e307) | Tidal Software | APT29 (4c3e48b9-4426-4271-a7af-c3dfad79f447) | Tidal Groups | 1 |