poolboyinside.rar

The file is a widely documented example of a malware sample, specifically associated with a variant of the PoolBoy backdoor. This malware has been linked to the advanced persistent threat (APT) group UNC2452 (also known as DarkHALO or NOBELIUM), the actors behind the SolarWinds supply chain attack.

Technical Overview

- It communicates with a remote server using legitimate-looking HTTP/S traffic to blend in with normal network activity.
- The file often contains obfuscation or environmental checks to detect whether it is being run in a sandbox or by a security researcher.

Trusted Resources for In-Depth Analysis

- Their analysis of the NOBELIUM toolset explains the handoff between different malware stages (e.g., from SUNBURST to Teardrop/PoolBoy).
- Their report on the UNC2452/SolarWinds campaign provides the most granular details on how PoolBoy functions within the broader attack lifecycle.