SUPERNOVA (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-06 00:36:05 UTC
[TLP:WHITE] win_supernova_auto (20251219 | Detects win.supernova.)
[TLP:WHITE] win_supernova_w0   (20201216 | This rule is looking for specific strings related to
SUPERNOVA. SUPERNOVA is a .NET web shell backdoor masquerading as a legitimate SolarWinds web
service handler. SUPERNOVA inspects and responds to HTTP requests with the appropriate HTTP query strings,
Cookies, and/or HTML form values (e.g. named codes, class, method, and args).)
[TLP:WHITE] win_supernova_w1   (20201216 | SUPERNOVA is a .NET web shell backdoor masquerading as
a legitimate SolarWinds web service handler. SUPERNOVA inspects and responds to HTTP requests with the
appropriate HTTP query strings, Cookies, and/or HTML form values (e.g. named codes, class, method, and args).
This rule is looking for specific strings and attributes related to SUPERNOVA.)
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.supernova
https://malpedia.caad.fkie.fraunhofer.de/details/win.supernova
Page 1 of 1