216.73.216.6

GoldFinder

The MITRE Corporation · Published 26/03/2021 17:48 · Modified 27/03/2026 01:06 Family

Essential information

Confidence
100/100
Is family
Yes
Published
26/03/2021 17:48
Modified
27/03/2026 01:06
Revoked
No
Author / Source
The MITRE Corporation
Related entities
3 attack patterns (mitre), 1 intrusion sets (apt), 1 campaign, 1 reports, 1 campaigns

Description

[GoldFinder](https://attack.mitre.org/software/S0597) is a custom HTTP tracer tool written in Go that logs the route a packet takes between a compromised network and a C2 server. It can be used to inform threat actors of potential points of discovery or logging of their actions, including C2 related to other malware. [GoldFinder](https://attack.mitre.org/software/S0597) was discovered in early 2021 during an investigation into the [SolarWinds Compromise](https://attack.mitre.org/campaigns/C0024) by [APT29](https://attack.mitre.org/groups/G0016).(Citation: MSTIC NOBELIUM Mar 2021)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.