Actor(s): APT 29, UNC2452
FireEye describes SUNBURST as a trojanized, digitally signed SolarWinds component of the Orion software framework that contains a backdoor communicating via HTTP to third-party servers. After an initial dormant period of up to two weeks, it uses a DGA to generate specific subdomains for a fixed C&C domain. The backdoor retrieves and executes commands that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The C2 traffic to the malicious domains is designed to mimic normal SolarWinds API communications using the Orion Improvement Program (OIP) protocol. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers. Multiple trojanized updates were digitally signed from March to May 2020 and posted to the SolarWinds updates website.
2023-04-13 ⋅ CERT.PL ⋅ CERT Polska and SKW warn against the activities of Russian spies BOOMBOX EnvyScout SUNBURST |
2022-09-10 ⋅ Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example. SUNBURST |
2022-07-31 ⋅ BushidoToken Blog ⋅ Space Invaders: Cyber Threats That Are Out Of This World Poison Ivy Raindrop SUNBURST TEARDROP WastedLocker |
2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Solar Phoenix SUNBURST TEARDROP UNC2452 |
2022-06-18 ⋅ R136a1 ⋅ Using dotnetfile to get a Sunburst timeline for intelligence gathering SUNBURST |
2022-04-27 ⋅ Mandiant ⋅ Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 Cobalt Strike Raindrop SUNBURST TEARDROP |
2021-12-29 ⋅ Palo Alto Networks Unit 42 ⋅ Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends Chrysaor SUNBURST |
2021-09-02 ⋅ Bleeping Computer ⋅ Autodesk reveals it was targeted by Russian SolarWinds hackers SUNBURST |
2021-07-27 ⋅ Gigamon ⋅ Ghosts on the Wire: Expanding Conceptions of Network Anomalies SUNBURST |
2021-07-13 ⋅ YouTube ( Matt Soseman) ⋅ Solarwinds and SUNBURST attacks compromised my lab! Cobalt Strike Raindrop SUNBURST TEARDROP |
2021-06-12 ⋅ YouTube (BSidesBoulder) ⋅ Same and Different - sesame street level attribution Kazuar SUNBURST |
2021-06-01 ⋅ SANS ⋅ A Contrarian View on SolarWinds Cobalt Strike Raindrop SUNBURST TEARDROP |
2021-05-31 ⋅ Wired ⋅ Hacker Lexicon: What Is a Supply Chain Attack? EternalPetya SUNBURST |
2021-05-14 ⋅ CISA ⋅ Analysis Report (AR21-134A): Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise SUNBURST |
2021-05-08 ⋅ The Record ⋅ SolarWinds says fewer than 100 customers were impacted by supply chain attack SUNBURST |
2021-05-07 ⋅ SolarWinds ⋅ An Investigative Update of the Cyberattack SUNBURST |
2021-04-22 ⋅ RiskIQ ⋅ SolarWinds: Advancing the Story SUNBURST |
2021-04-15 ⋅ European Council ⋅ Declaration by the High Representative on behalf of the European Union expressing solidarity with the United States on the impact of the SolarWinds cyber operation SUNBURST |
2021-04-15 ⋅ North Atlantic Treaty Organization ⋅ North Atlantic Council Statement following the announcement by the United States of actions with regard to Russia SUNBURST |
2021-04-15 ⋅ Ministry of Foreign Affairs of the Republic of Latvia ⋅ Latvia’s statement following the announcement by the United States of actions to respond to the Russian Federation’s destabilizing activities (Dead Link) SUNBURST |
2021-04-15 ⋅ Ministry of Foreign Affairs Republic of Poland ⋅ Statement on Solar Winds Orion cyberattacks SUNBURST |
2021-03-18 ⋅ CISA ⋅ Alert (AA21-077A): Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool SUNBURST |
2021-03-18 ⋅ Github (cisagov) ⋅ CISA Hunt and Incident Response Program (CHIRP) SUNBURST |
2021-03-17 ⋅ CISA ⋅ SolarWinds and Active Directory/M365 Compromise: Detecting Advanced Persistent Threat Activity from Known Tactics, Techniques, and Procedures (Dead Link) SUNBURST |
2021-03-16 ⋅ Mimecast ⋅ Incident Report SUNBURST |
2021-03-10 ⋅ US-CERT ⋅ Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise SUNBURST |
2021-03-08 ⋅ Youtube (SANS Digital Forensics and Incident Response) ⋅ STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R) Cobalt Strike SUNBURST TEARDROP |
2021-03-04 ⋅ Microsoft ⋅ GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence SUNBURST TEARDROP UNC2452 |
2021-03-01 ⋅ Microsoft ⋅ Detect and defend against the recent nation-state cyber attack SUNBURST |
2021-02-28 ⋅ PWC UK ⋅ Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-26 ⋅ YouTube (Oversight Committee) ⋅ Weathering the Storm: The Role of Private Tech in the SolarWinds Breach and Ongoing Campaign SUNBURST |
2021-02-25 ⋅ Microsoft ⋅ CodeQL queries to hunt for Solorigate activity SUNBURST |
2021-02-25 ⋅ BrightTALK (FireEye) ⋅ Light in the Dark: Hunting for SUNBURST SUNBURST |
2021-02-25 ⋅ Microsoft ⋅ Microsoft open sources CodeQL queries used to hunt for Solorigate activity SUNBURST |
2021-02-24 ⋅ Bleeping Computer ⋅ NASA and the FAA were also breached by the SolarWinds hackers SUNBURST |
2021-02-23 ⋅ CrowdStrike ⋅ 2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-19 ⋅ THE NEW STACK ⋅ Behind the Scenes of the SunBurst Attack SUNBURST |
2021-02-17 ⋅ YouTube (The White House) ⋅ Update on Investigation on Solarwinds supply chain attack from the Deputy National Security Advisor SUNBURST |
2021-02-17 ⋅ apirro ⋅ Detect and prevent the SolarWinds build-time code injection attack SUNBURST |
2021-02-17 ⋅ Netresec ⋅ Targeting Process for the SolarWinds Backdoor SUNBURST |
2021-02-16 ⋅ FireEye ⋅ Light in the Dark: Hunting for SUNBURST SUNBURST |
2021-02-16 ⋅ Accenture ⋅ Hard lessons learned: Threat intel takeaways from the community response to Solarigate SUNBURST TEARDROP |
2021-02-08 ⋅ US-CERT ⋅ Malware Analysis Report (AR21-039A): SUNBURST SUNBURST |
2021-01-29 ⋅ Aon ⋅ Cloudy with a Chance of Persistent Email Access SUNBURST |
2021-01-28 ⋅ Check Point ⋅ Deep into the SunBurst Attack SUNBURST |
2021-01-28 ⋅ YouTube (Microsoft Security Community) ⋅ Microsoft 365 Defender webinar: Protect, Detect, and Respond to Solorigate using M365 Defender SUNBURST |
2021-01-26 ⋅ Fidelis ⋅ Ongoing Analysis of SolarWinds Impacts SUNBURST |
2021-01-26 ⋅ Mimecast ⋅ Important Security Update SUNBURST |
2021-01-26 ⋅ Kaspersky Labs ⋅ SunBurst industrial victims SUNBURST |
2021-01-26 ⋅ Bleeping Computer ⋅ Mimecast links security breach to SolarWinds hackers SUNBURST |
2021-01-25 ⋅ Netresec ⋅ Twenty-three SUNBURST Targets Identified SUNBURST |
2021-01-25 ⋅ ZenGo ⋅ Ungilded Secrets: A New Paradigm for Key Security SUNBURST |
2021-01-24 ⋅ Medium vrieshd ⋅ Finding SUNBURST victims and targets by using passive DNS, OSINT SUNBURST |
2021-01-22 ⋅ DomainTools ⋅ Change in Perspective on the Utility of SUNBURST-related Network Indicators SUNBURST |
2021-01-22 ⋅ Symantec ⋅ SolarWinds: How Sunburst Sends Data Back to the Attackers SUNBURST |
2021-01-21 ⋅ NetbyteSEC ⋅ Solarwinds Attack: Sunburst's DLL Technical Analysis SUNBURST |
2021-01-20 ⋅ Microsoft ⋅ Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop Cobalt Strike SUNBURST TEARDROP |
2021-01-19 ⋅ Github (fireeye) ⋅ Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs SUNBURST |
2021-01-18 ⋅ Symantec ⋅ Raindrop: New Malware Discovered in SolarWinds Investigation Cobalt Strike Raindrop SUNBURST TEARDROP |
2021-01-17 ⋅ a12d404 ⋅ Backdooring MSBuild SUNBURST |
2021-01-15 ⋅ Symantec ⋅ SolarWinds: Insights into Attacker Command and Control Process SUNBURST |
2021-01-14 ⋅ DomainTools ⋅ The Devil’s in the Details: SUNBURST Attribution SUNBURST |
2021-01-14 ⋅ Microsoft ⋅ Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender SUNBURST |
2021-01-12 ⋅ BrightTALK (FireEye) ⋅ UNC2452: What We Know So Far Cobalt Strike SUNBURST TEARDROP |
2021-01-11 ⋅ Kaspersky Labs ⋅ Sunburst backdoor – code overlaps with Kazuar Kazuar SUNBURST |
2021-01-11 ⋅ SolarWinds ⋅ New Findings From Our Investigation of SUNBURST Cobalt Strike SUNBURST TEARDROP |
2021-01-11 ⋅ Netresec ⋅ Robust Indicators of Compromise for SUNBURST SUNBURST |
2021-01-11 ⋅ CrowdStrike ⋅ SUNSPOT: An Implant in the Build Process SUNBURST |
2021-01-08 ⋅ US-CERT ⋅ Alert (AA21-008A): Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments SUNBURST SUPERNOVA |
2021-01-08 ⋅ splunk ⋅ A Golden SAML Journey: SolarWinds Continued SUNBURST |
2021-01-07 ⋅ TRUESEC ⋅ Avoiding supply-chain attacks similar to SolarWinds Orion’s (SUNBURST) SUNBURST |
2021-01-07 ⋅ Symantec ⋅ SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar SUNBURST |
2021-01-06 ⋅ Department of Justice ⋅ Department of Justice Statement on Solarwinds Update SUNBURST |
2021-01-06 ⋅ Github (SentinelLabs) ⋅ SolarWinds_Countermeasures SUNBURST |
2021-01-06 ⋅ CISA ⋅ Supply Chain Compromise SUNBURST |
2021-01-06 ⋅ MITRE ⋅ ATT&CK Navigator layer for UNC2452 SUNBURST |
2021-01-05 ⋅ Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) SUNBURST |
2021-01-05 ⋅ Sangfor ⋅ Red team's perspective on the TTPs in Sunburst's backdoor SUNBURST |
2021-01-04 ⋅ Netresec ⋅ Finding Targeted SUNBURST Victims with pDNS SUNBURST |
2021 ⋅ Mandiant ⋅ M-TRENDS 2021 Cobalt Strike SUNBURST |
2021 ⋅ DomainTools ⋅ Conceptualizing a Continuum of Cyber Threat Attribution CHINACHOPPER SUNBURST |
2021 ⋅ Symantec ⋅ Supply Chain Attacks: Cyber Criminals Target the Weakest Link Cobalt Strike Raindrop SUNBURST TEARDROP |
2020-12-31 ⋅ IronNet ⋅ SolarWinds/SUNBURST: Behavioral analytics and Collective Defense in action SUNBURST |
2020-12-31 ⋅ Microsoft ⋅ Microsoft Internal Solorigate Investigation Update SUNBURST |
2020-12-30 ⋅ Recorded Future ⋅ SOLARWINDS ATTRIBUTION: Are We Getting Ahead of Ourselves? An Analysis of UNC2452 Attribution SUNBURST |
2020-12-29 ⋅ Netresec ⋅ Extracting Security Products from SUNBURST DNS Beacons SUNBURST |
2020-12-29 ⋅ CyberArk ⋅ Golden SAML Revisited: The Solorigate Connection SUNBURST |
2020-12-28 ⋅ Microsoft ⋅ Using Microsoft 365 Defender to protect against Solorigate SUNBURST TEARDROP |
2020-12-25 ⋅ Comae ⋅ SUNBURST & Memory Analysis SUNBURST |
2020-12-24 ⋅ FireEye ⋅ SUNBURST Additional Technical Details SUNBURST |
2020-12-23 ⋅ CrowdStrike ⋅ CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory SUNBURST |
2020-12-23 ⋅ Palo Alto Networks Unit 42 ⋅ A Timeline Perspective of the SolarStorm Supply-Chain Attack SUNBURST TEARDROP |
2020-12-23 ⋅ Qianxin ⋅ Covert operations in APT campaigns as seen through the SolarWinds supply chain attack (Golden Chain Bear) SUNBURST |
2020-12-23 ⋅ Prevasio ⋅ DNS Tunneling In The SolarWinds Supply Chain Attack SUNBURST |
2020-12-22 ⋅ Prevasio ⋅ Sunburst Backdoor, Part III: DGA & Security Software (Broken Link) SUNBURST |
2020-12-22 ⋅ Symantec ⋅ SolarWinds Attacks: Stealthy Attackers Attempted To Evade Detection SUNBURST |
2020-12-22 ⋅ Checkpoint ⋅ SUNBURST, TEARDROP and the NetSec New Normal SUNBURST TEARDROP |
2020-12-22 ⋅ Youtube (Colin Hardy) ⋅ SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims SUNBURST |
2020-12-22 ⋅ Medium mitre-attack ⋅ Identifying UNC2452-Related Techniques for ATT&CK SUNBURST TEARDROP UNC2452 |
2020-12-22 ⋅ Zscaler ⋅ The Hitchhiker’s Guide to SolarWinds Incident Response SUNBURST |
2020-12-22 ⋅ Microsoft ⋅ Azure AD workbook to help you assess Solorigate risk SUNBURST |
2020-12-22 ⋅ FBI ⋅ PIN Number 20201222-001: Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities SUNBURST |
2020-12-21 ⋅ IronNet ⋅ SolarWinds/SUNBURST: DGA or DNS Tunneling? SUNBURST |
2020-12-21 ⋅ SophosLabs Uncut ⋅ How SunBurst malware does defense evasion SUNBURST UNC2452 |
2020-12-21 ⋅ Microsoft ⋅ Solorigate Resource Center SUNBURST TEARDROP |
2020-12-21 ⋅ Microsoft ⋅ Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers. SUNBURST |
2020-12-21 ⋅ Fortinet ⋅ What We Have Learned So Far about the “Sunburst”/SolarWinds Hack Cobalt Strike SUNBURST TEARDROP |
2020-12-21 ⋅ McAfee ⋅ How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise SUNBURST |
2020-12-20 ⋅ Medium Asuna Amawaka ⋅ A Look into SUNBURST’s DGA SUNBURST |
2020-12-20 ⋅ Twitter (@TychoTithonus) ⋅ SolarWinds/SunBurst FNV-1a-XOR hashes found in analysis SUNBURST |
2020-12-19 ⋅ Bleeping Computer ⋅ The SolarWinds cyberattack: The hack, the victims, and what we know SUNBURST |
2020-12-18 ⋅ Kaspersky Labs ⋅ Sunburst: connecting the dots in the DNS requests SUNBURST |
2020-12-18 ⋅ Elastic ⋅ Combining supervised and unsupervised machine learning for DGA detection SUNBURST |
2020-12-18 ⋅ IBM ⋅ SUNBURST indicator detection in QRadar SUNBURST |
2020-12-18 ⋅ DomainTools ⋅ Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident SUNBURST |
2020-12-18 ⋅ Microsoft ⋅ Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers SUNBURST SUPERNOVA TEARDROP UNC2452 |
2020-12-18 ⋅ Cloudflare ⋅ A quirk in the SUNBURST DGA algorithm SUNBURST |
2020-12-18 ⋅ ThreatConnect ⋅ Tracking Sunburst-Related Activity with ThreatConnect Dashboards SUNBURST |
2020-12-18 ⋅ Sentinel LABS ⋅ SolarWinds SUNBURST Backdoor: Inside the APT Campaign SUNBURST |
2020-12-17 ⋅ Prevasio ⋅ Sunburst Backdoor, Part II: DGA & The List of Victims SUNBURST |
2020-12-17 ⋅ McAfee ⋅ Additional Analysis into the SUNBURST Backdoor SUNBURST |
2020-12-17 ⋅ splunk ⋅ Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued SUNBURST |
2020-12-17 ⋅ US-CERT ⋅ Alert (AA20-352A): Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations SUNBURST |
2020-12-17 ⋅ Netresec ⋅ Reassembling Victim Domain Fragments from SUNBURST DNS SUNBURST |
2020-12-17 ⋅ Microsoft ⋅ A moment of reckoning: the need for a strong and global cybersecurity response SUNBURST |
2020-12-17 ⋅ TRUESEC ⋅ The SolarWinds Orion SUNBURST supply-chain Attack SUNBURST |
2020-12-17 ⋅ TrustedSec ⋅ SolarWinds Backdoor (Sunburst) Incident Response Playbook SUNBURST |
2020-12-17 ⋅ Youtube (Colin Hardy) ⋅ SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering SUNBURST |
2020-12-17 ⋅ Twitter (@megabeets_) ⋅ Tweet on SUNBURST malware discussing some of its evasion techniques SUNBURST |
2020-12-16 ⋅ Bleeping Computer ⋅ FireEye, Microsoft create kill switch for SolarWinds backdoor SUNBURST |
2020-12-16 ⋅ Qianxin ⋅ Compromised targets disclosed for the first time: the domain generation algorithm used in the SolarWinds supply chain attack can be cracked! SUNBURST |
2020-12-16 ⋅ Microsoft ⋅ SolarWinds Post-Compromise Hunting with Azure Sentinel SUNBURST |
2020-12-16 ⋅ Twitter (@cybercdh) ⋅ Tweet on 3 key actions SUNBURST performs as soon as it's invoked SUNBURST |
2020-12-16 ⋅ Intel 471 ⋅ Intel471's full statement on their knowledge of SolarWinds and the cybercriminal underground SUNBURST |
2020-12-16 ⋅ Pastebin ⋅ Paste of subdomain & DGA domain names used in SolarWinds attack SUNBURST UNC2452 |
2020-12-16 ⋅ ReversingLabs ⋅ SunBurst: the next level of stealth SolarWinds compromise exploited through sophistication and patience SUNBURST |
2020-12-16 ⋅ Github (RedDrip7) ⋅ A script to decode SUNBURST DGA domain SUNBURST |
2020-12-16 ⋅ Twitter (@0xrb) ⋅ List of domain infrastructure including DGA domain used by UNC2452 SUNBURST |
2020-12-16 ⋅ Twitter (@FireEye) ⋅ Tweet on SUNBURST from FireEye detailing some additional information SUNBURST |
2020-12-16 ⋅ Cyborg Security ⋅ SUNBURST: SolarWinds Supply-Chain Attack SUNBURST |
2020-12-16 ⋅ Cloudflare ⋅ Trend data on the SolarWinds Orion compromise SUNBURST |
2020-12-15 ⋅ Github (sophos-cybersecurity) ⋅ solarwinds-threathunt Cobalt Strike SUNBURST |
2020-12-15 ⋅ Twitter (@cybercdh) ⋅ Tweet on some more capabilities of SUNBURST backdoor SUNBURST |
2020-12-15 ⋅ Prevasio ⋅ Sunburst Backdoor: A Deeper Look Into The SolarWinds' Supply Chain Malware (Broken link) SUNBURST |
2020-12-15 ⋅ Twitter (@cybercdh) ⋅ Tweet on CyberChef recipe to extract and decode strings from #SolarWinds malware binaries. SUNBURST |
2020-12-15 ⋅ Corelight ⋅ Finding SUNBURST Backdoor with Zeek Logs & Corelight SUNBURST |
2020-12-15 ⋅ 360 Threat Intelligence Center ⋅ Operation Falling Eagle-the secret of the most influential supply chain attack in history SUNBURST |
2020-12-15 ⋅ PICUS Security ⋅ Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach Cobalt Strike SUNBURST |
2020-12-15 ⋅ Cyborg Security ⋅ Threat Hunt Deep Dives: SolarWinds Supply Chain Compromise (Solorigate / SUNBURST Backdoor) SUNBURST |
2020-12-14 ⋅ SolarWinds ⋅ Security Advisory on SolarWinds Supply chain attack FAQ SUNBURST SUPERNOVA |
2020-12-14 ⋅ TrustedSec ⋅ SolarWinds Orion and UNC2452 – Summary and Recommendations SUNBURST |
2020-12-14 ⋅ Cisco Talos ⋅ Threat Advisory: SolarWinds supply chain attack SUNBURST TEARDROP |
2020-12-14 ⋅ Volexity ⋅ Dark Halo Leverages SolarWinds Compromise to Breach Organizations SUNBURST |
2020-12-14 ⋅ Twitter (@lordx64) ⋅ Tweet on a one liner to decrypt SUNBURST backdoor SUNBURST |
2020-12-14 ⋅ Twitter (@ItsReallyNick) ⋅ Tweet on summarizing post-compromise activity of UNC2452 SUNBURST |
2020-12-14 ⋅ Sophos ⋅ Incident response playbook for responding to SolarWinds Orion compromise SUNBURST |
2020-12-14 ⋅ Twitter (@KimZetter) ⋅ Tweet thread on microsoft report on Solarwind supply chain attack by UNC2452 SUNBURST |
2020-12-14 ⋅ SolarWinds ⋅ Security Advisory on SolarWinds Supply chain attack SUNBURST SUPERNOVA |
2020-12-14 ⋅ FireEye Sunburst KQL Detections SUNBURST |
2020-12-14 ⋅ Symantec ⋅ Sunburst: Supply Chain Attack Targets SolarWinds Users SUNBURST TEARDROP |
2020-12-14 ⋅ Cado Security ⋅ Responding to Solarigate SUNBURST |
2020-12-14 ⋅ DomainTools ⋅ Unraveling Network Infrastructure Linked to the SolarWinds Hack SUNBURST |
2020-12-14 ⋅ splunk ⋅ Using Splunk to Detect Sunburst Backdoor SUNBURST |
2020-12-14 ⋅ Youtube (Ali Hadi) ⋅ Learning about .NET Malware by Going Over the SUNBURST SolarWinds Backdoor SUNBURST |
2020-12-14 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Brief: SolarStorm and SUNBURST Customer Coverage Cobalt Strike SUNBURST |
2020-12-13 ⋅ Directory: /samples/Exotic/UNC2452/SolarWinds Breach/ SUNBURST |
2020-12-13 ⋅ Microsoft ⋅ Trojan:MSIL/Solorigate.B!dha SUNBURST |
2020-12-13 ⋅ CISA ⋅ Active Exploitation of SolarWinds Software SUNBURST |
2020-12-13 ⋅ Github (fireeye) ⋅ SUNBURST Countermeasures SUNBURST SUPERNOVA TEARDROP UNC2452 |
2020-12-13 ⋅ FireEye ⋅ Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor SUNBURST SUPERNOVA TEARDROP UNC2452 |
2020-12-08 ⋅ Securonix ⋅ Detecting SolarWinds/SUNBURST/ECLIPSER Supply Chain Attacks SUNBURST |
2020-12 ⋅ FireEye ⋅ Solarwinds Breach Resource Center SUNBURST |
2020-01-22 ⋅ The malware analyst’s guide to PE timestamps Azorult Gozi IcedID ISFB LOLSnif SUNBURST TEARDROP |