Raindrop (80295aeb-59e3-4c5d-ac39-9879158f8d23)
Raindrop is a loader used by APT29 that was found on some victim machines during investigations related to the SolarWinds Compromise. It was discovered in January 2021 and had likely been in use since at least May 2020.[Symantec RAINDROP January 2021][Microsoft Deep Dive Solorigate January 2021]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
APT29 (4c3e48b9-4426-4271-a7af-c3dfad79f447) | Tidal Groups | Raindrop (80295aeb-59e3-4c5d-ac39-9879158f8d23) | Tidal Software | 1 |