
GoldMax (b05a9763-4288-4656-bf4e-ba02bb8b35d6)

GoldMax is a second-stage C2 backdoor written in Go with Windows and Linux variants that are nearly identical in functionality. GoldMax was discovered in early 2021 during the investigation into the SolarWinds Compromise, and has likely been used by APT29 since at least mid-2019. GoldMax uses multiple defense evasion techniques, including avoiding virtualization execution and masking malicious traffic. [MSTIC NOBELIUM Mar 2021] [FireEye SUNSHUTTLE Mar 2021] [CrowdStrike StellarParticle January 2022]

Cluster A                                     | Galaxy A     | Cluster B                                       | Galaxy B       | Level
APT29 (4c3e48b9-4426-4271-a7af-c3dfad79f447)  | Tidal Groups | GoldMax (b05a9763-4288-4656-bf4e-ba02bb8b35d6)  | Tidal Software | 1