Researchers found the new Raindrop malware on machines compromised through the SolarWinds cyberattack. The hackers used Raindrop to deliver a Cobalt Strike beacon to select victims of interest that had already been compromised. To hide the malicious functionality, the hackers used a modified version of the 7-Zip source code to compile Raindrop as a DLL file. Symantec saw no evidence of Sunburst delivering Raindrop directly, yet it was present “elsewhere on networks where at least one computer has been compromised by Sunburst.”
Source: https://www.bleepingcomputer.com/news/security/solarwinds-hackers-used-7-zip-code-to-hide-raindrop-cobalt-strike-loader/