Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
SUPERNOVA had to receive an HTTP GET request containing a specific set of parameters in order to execute.[1][2] |
Enterprise | T1203 | Exploitation for Client Execution |
SUPERNOVA was installed via exploitation of a SolarWinds Orion API authentication bypass vulnerability (CVE-2020-10148).[6][7] |
|
Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location |
SUPERNOVA has masqueraded as a legitimate SolarWinds DLL.[1][2] |
Enterprise | T1027 | Obfuscated Files or Information | ||
Enterprise | T1505 | .003 | Server Software Component: Web Shell |