FROSTBITE

Custom Snowflake reconnaissance utility (.NET and Java variants, attacker-named 'rapeflake') deployed by UNC5537 / ShinyHunters during the 2024 Snowflake-customer extortion campaign disclosed by Mandiant in June 2024.

family

FROSTBITE

first seen

Apr 13, 2024

publisher

Mandiant (Google Cloud)