
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)

Solar is a C#/.NET backdoor that was used by OilRig during the Outer Space campaign to download, execute, and exfiltrate files.(Citation: ESET OilRig Campaigns Sep 2023)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |
| Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) | Attack Pattern | Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | 1 |
| Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | 1 |
| Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |
| Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | 1 |
| Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 1 |
| Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 1 |
| Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) | Malware | Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) | Attack Pattern | 1 |
| Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) | Attack Pattern | Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | 2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | 2 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |