| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): APT 29, UNC2452
FireEye describes SUNBURST as a trojanized SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. After an initial dormant period of up to two weeks, it uses a DGA to generate specific subdomains for a set C&C domain. The backdoor retrieves and executes commands, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The C2 traffic to the malicious domains is designed to mimic normal SolarWinds API communications: Orion Improvement Program (OIP) protocol. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers. Multiple trojanzied updates were digitally signed from March - May 2020 and posted to the SolarWinds updates website.
| 2023-04-13
⋅
⋅
CERT.PL
⋅
CERT Polska and SKW warn against the activities of Russian spies BOOMBOX EnvyScout SUNBURST |
| 2022-09-10
⋅
Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example. SUNBURST |
| 2022-07-31
⋅
BushidoToken Blog
⋅
Space Invaders: Cyber Threats That Are Out Of This World Poison Ivy Raindrop SUNBURST TEARDROP WastedLocker |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Solar Phoenix SUNBURST TEARDROP UNC2452 |
| 2022-06-18
⋅
R136a1
⋅
Using dotnetfile to get a Sunburst timeline for intelligence gathering SUNBURST |
| 2022-04-27
⋅
Mandiant
⋅
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-12-29
⋅
Palo Alto Networks Unit 42
⋅
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends Chrysaor SUNBURST |
| 2021-09-02
⋅
Bleeping Computer
⋅
Autodesk reveals it was targeted by Russian SolarWinds hackers SUNBURST |
| 2021-07-27
⋅
Gigamon
⋅
Ghosts on the Wire: Expanding Conceptions of Network Anomalies SUNBURST |
| 2021-07-13
⋅
YouTube ( Matt Soseman)
⋅
Solarwinds and SUNBURST attacks compromised my lab! Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-06-12
⋅
YouTube (BSidesBoulder)
⋅
Same and Different - sesame street level attribution Kazuar SUNBURST |
| 2021-06-01
⋅
SANS
⋅
A Contrarian View on SolarWinds Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-05-31
⋅
Wired
⋅
Hacker Lexicon: What Is a Supply Chain Attack? EternalPetya SUNBURST |
| 2021-05-14
⋅
CISA
⋅
Analysis Report (AR21-134A): Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise SUNBURST |
| 2021-05-08
⋅
The Record
⋅
SolarWinds says fewer than 100 customers were impacted by supply chain attack SUNBURST |
| 2021-05-07
⋅
SolarWinds
⋅
An Investigative Update of the Cyberattack SUNBURST |
| 2021-04-22
⋅
RiskIQ
⋅
SolarWinds: Advancing the Story SUNBURST |
| 2021-04-15
⋅
European Council
⋅
Declaration by the High Representative on behalf of the European Union expressing solidarity with the United States on the impact of the SolarWinds cyber operation SUNBURST |
| 2021-04-15
⋅
North Atlantic Treaty Organization
⋅
North Atlantic Council Statement following the announcement by the United States of actions with regard to Russia SUNBURST |
| 2021-04-15
⋅
Ministry of Foreign Affairs Republic of Poland
⋅
Statement on Solar Winds Orion cyberattacks SUNBURST |
| 2021-04-15
⋅
Ministry of foreign affairs of the Republic of Latvia
⋅
Latvia’s statement following the announcement by the United States of actions to respond to the Russian Federation’s destabilizing activities (Deadlink) SUNBURST |
| 2021-03-18
⋅
Github (cisagov)
⋅
CISA Hunt and Incident Response Program (CHIRP) SUNBURST |
| 2021-03-18
⋅
CISA
⋅
Alert (AA21-077A): Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool SUNBURST |
| 2021-03-17
⋅
CISA
⋅
SolarWinds and Active Directory/M365 Compromise: Detecting Advanced Persistent Threat Activity from Known Tactics, Techniques, and Procedures (Dead Link) SUNBURST |
| 2021-03-16
⋅
Mimecast
⋅
Incident Report SUNBURST |
| 2021-03-10
⋅
US-CERT
⋅
Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise SUNBURST |
| 2021-03-08
⋅
Youtube (SANS Digital Forensics and Incident Response)
⋅
STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R) Cobalt Strike SUNBURST TEARDROP |
| 2021-03-04
⋅
Microsoft
⋅
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence SUNBURST TEARDROP UNC2452 |
| 2021-03-01
⋅
Microsoft
⋅
Detect and defend against the recent nation-state cyber attack SUNBURST |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-26
⋅
YouTube (Oversight Committee)
⋅
Weathering the Storm: The Role of Private Tech in the SolarWinds Breach and Ongoing Campaign SUNBURST |
| 2021-02-25
⋅
BrightTALK (FireEye)
⋅
Light in the Dark: Hunting for SUNBURST SUNBURST |
| 2021-02-25
⋅
Microsoft
⋅
Microsoft open sources CodeQL queries used to hunt for Solorigate activity SUNBURST |
| 2021-02-25
⋅
Microsoft
⋅
CodeQL queries to hunt for Solorigate activity SUNBURST |
| 2021-02-24
⋅
Bleeping Computer
⋅
NASA and the FAA were also breached by the SolarWinds hackers SUNBURST |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-19
⋅
THE NEW STACK
⋅
Behind the Scenes of the SunBurst Attack SUNBURST |
| 2021-02-17
⋅
YouTube (The White House)
⋅
Update on Investigaton on Solarwinds supply chain attack from the Deputy National Security Advisor SUNBURST |
| 2021-02-17
⋅
Netresec
⋅
Targeting Process for the SolarWinds Backdoor SUNBURST |
| 2021-02-17
⋅
apirro
⋅
Detect and prevent the SolarWinds build-time code injection attack SUNBURST |
| 2021-02-16
⋅
Accenture
⋅
Hard lessons learned: Threat intel takeaways from the community response to Solarigate SUNBURST TEARDROP |
| 2021-02-16
⋅
FireEye
⋅
Light in the Dark: Hunting for SUNBURST SUNBURST |
| 2021-02-08
⋅
US-CERT
⋅
Malware Analysis Report (AR21-039A): SUNBURST SUNBURST |
| 2021-01-29
⋅
Aon
⋅
Cloudy with a Chance of Persistent Email Access SUNBURST |
| 2021-01-28
⋅
Check Point
⋅
Deep into the SunBurst Attack SUNBURST |
| 2021-01-28
⋅
YouTube (Microsoft Security Community)
⋅
Microsoft 365 Defender webinar: Protect, Detect, and Respond to Solorigate using M365 Defender SUNBURST |
| 2021-01-26
⋅
Kaspersky Labs
⋅
SunBurst industrial victims SUNBURST |
| 2021-01-26
⋅
Bleeping Computer
⋅
Mimecast links security breach to SolarWinds hackers SUNBURST |
| 2021-01-26
⋅
Mimecast
⋅
Important Security Update SUNBURST |
| 2021-01-26
⋅
Fidelis
⋅
Ongoing Analysis of SolarWinds Impacts SUNBURST |
| 2021-01-25
⋅
Netresec
⋅
Twenty-three SUNBURST Targets Identified SUNBURST |
| 2021-01-25
⋅
ZenGo
⋅
Ungilded Secrets: A New Paradigm for Key Security SUNBURST |
| 2021-01-24
⋅
Medium vrieshd
⋅
Finding SUNBURST victims and targets by using passive DNS, OSINT SUNBURST |
| 2021-01-22
⋅
Symantec
⋅
SolarWinds: How Sunburst Sends Data Back to the Attackers SUNBURST |
| 2021-01-22
⋅
DomainTools
⋅
Change in Perspective on the Utility of SUNBURST-related Network Indicators SUNBURST |
| 2021-01-21
⋅
NetbyteSEC
⋅
Solarwinds Attack: Sunburst's DLL Technical Analysis SUNBURST |
| 2021-01-20
⋅
Microsoft
⋅
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop Cobalt Strike SUNBURST TEARDROP |
| 2021-01-19
⋅
Github (fireeye)
⋅
Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs SUNBURST |
| 2021-01-18
⋅
Symantec
⋅
Raindrop: New Malware Discovered in SolarWinds Investigation Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-01-17
⋅
a12d404
⋅
Backdooring MSBuild SUNBURST |
| 2021-01-15
⋅
Symantec
⋅
SolarWinds: Insights into Attacker Command and Control Process SUNBURST |
| 2021-01-14
⋅
Microsoft
⋅
Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender SUNBURST |
| 2021-01-14
⋅
DomainTools
⋅
The Devil’s in the Details: SUNBURST Attribution SUNBURST |
| 2021-01-12
⋅
BrightTALK (FireEye)
⋅
UNC2452: What We Know So Far Cobalt Strike SUNBURST TEARDROP |
| 2021-01-11
⋅
Kaspersky Labs
⋅
Sunburst backdoor – code overlaps with Kazuar Kazuar SUNBURST |
| 2021-01-11
⋅
SolarWinds
⋅
New Findings From Our Investigation of SUNBURST Cobalt Strike SUNBURST TEARDROP |
| 2021-01-11
⋅
CrowdStrike
⋅
SUNSPOT: An Implant in the Build Process SUNBURST |
| 2021-01-11
⋅
Netresec
⋅
Robust Indicators of Compromise for SUNBURST SUNBURST |
| 2021-01-08
⋅
US-CERT
⋅
Alert (AA21-008A): Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments SUNBURST SUPERNOVA |
| 2021-01-08
⋅
splunk
⋅
A Golden SAML Journey: SolarWinds Continued SUNBURST |
| 2021-01-07
⋅
Symantec
⋅
SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar SUNBURST |
| 2021-01-07
⋅
TRUESEC
⋅
Avoiding supply-chain attacks similar to SolarWinds Orion’s (SUNBURST) SUNBURST |
| 2021-01-06
⋅
Department of Justice
⋅
Department of Justice Statement on Solarwinds Update SUNBURST |
| 2021-01-06
⋅
Github (SentinelLabs)
⋅
SolarWinds_Countermeasures SUNBURST |
| 2021-01-06
⋅
MITRE
⋅
ATT&CK Navigator layer for UNC2452 SUNBURST |
| 2021-01-06
⋅
CISA
⋅
Supply Chain Compromise SUNBURST |
| 2021-01-05
⋅
⋅
Sangfor
⋅
Red team's perspective on the TTPs in Sunburst's backdoor SUNBURST |
| 2021-01-05
⋅
Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) SUNBURST |
| 2021-01-04
⋅
Netresec
⋅
Finding Targeted SUNBURST Victims with pDNS SUNBURST |
| 2021-01-01
⋅
DomainTools
⋅
Conceptualizing a Continuum of Cyber Threat Attribution CHINACHOPPER SUNBURST |
| 2021-01-01
⋅
Mandiant
⋅
M-TRENDS 2021 Cobalt Strike SUNBURST |
| 2021-01-01
⋅
Symantec
⋅
Supply Chain Attacks:Cyber Criminals Target the Weakest Link Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2020-12-31
⋅
Microsoft
⋅
Microsoft Internal Solorigate Investigation Update SUNBURST |
| 2020-12-31
⋅
IronNet
⋅
SolarWinds/SUNBURST: Behavioral analytics and Collective Defense in action SUNBURST |
| 2020-12-30
⋅
Recorded Future
⋅
SOLARWINDS ATTRIBUTION: Are We Getting Ahead of Ourselves? An Analysis of UNC2452 Attribution SUNBURST |
| 2020-12-29
⋅
Netresec
⋅
Extracting Security Products from SUNBURST DNS Beacons SUNBURST |
| 2020-12-29
⋅
CyberArk
⋅
Golden SAML Revisited: The Solorigate Connection SUNBURST |
| 2020-12-28
⋅
Microsoft
⋅
Using Microsoft 365 Defender to protect against Solorigate SUNBURST TEARDROP |
| 2020-12-25
⋅
Comae
⋅
SUNBURST & Memory Analysis SUNBURST |
| 2020-12-24
⋅
FireEye
⋅
SUNBURST Additional Technical Details SUNBURST |
| 2020-12-23
⋅
⋅
Qianxin
⋅
从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战 SUNBURST |
| 2020-12-23
⋅
Palo Alto Networks Unit 42
⋅
A Timeline Perspective of the SolarStorm Supply-Chain Attack SUNBURST TEARDROP |
| 2020-12-23
⋅
CrowdStrike
⋅
CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory SUNBURST |
| 2020-12-23
⋅
Prevasio
⋅
DNS Tunneling In The SolarWinds Supply Chain Attack SUNBURST |
| 2020-12-22
⋅
Checkpoint
⋅
SUNBURST, TEARDROP and the NetSec New Normal SUNBURST TEARDROP |
| 2020-12-22
⋅
Symantec
⋅
SolarWinds Attacks: Stealthy Attackers Attempted To Evade Detection SUNBURST |
| 2020-12-22
⋅
Microsoft
⋅
Azure AD workbook to help you assess Solorigate risk SUNBURST |
| 2020-12-22
⋅
Medium mitre-attack
⋅
Identifying UNC2452-Related Techniques for ATT&CK SUNBURST TEARDROP UNC2452 |
| 2020-12-22
⋅
Youtube (Colin Hardy)
⋅
SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims SUNBURST |
| 2020-12-22
⋅
FBI
⋅
PIN Number 20201222-001: Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities SUNBURST |
| 2020-12-22
⋅
Zscaler
⋅
The Hitchhiker’s Guide to SolarWinds Incident Response SUNBURST |
| 2020-12-22
⋅
Prevasio
⋅
Sunburst Backdoor, Part III: DGA & Security Software (Broken Link) SUNBURST |
| 2020-12-21
⋅
SophosLabs Uncut
⋅
How SunBurst malware does defense evasion SUNBURST UNC2452 |
| 2020-12-21
⋅
Microsoft
⋅
Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers. SUNBURST |
| 2020-12-21
⋅
McAfee
⋅
How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise SUNBURST |
| 2020-12-21
⋅
Microsoft
⋅
Solorigate Resource Center SUNBURST TEARDROP |
| 2020-12-21
⋅
IronNet
⋅
SolarWinds/SUNBURST: DGA or DNS Tunneling? SUNBURST |
| 2020-12-21
⋅
Fortinet
⋅
What We Have Learned So Far about the “Sunburst”/SolarWinds Hack Cobalt Strike SUNBURST TEARDROP |
| 2020-12-20
⋅
Medium Asuna Amawaka
⋅
A Look into SUNBURST’s DGA SUNBURST |
| 2020-12-20
⋅
Twitter (@TychoTithonus)
⋅
SolarWinds/SunBurst FNV-1a-XOR hashes found in analysis SUNBURST |
| 2020-12-19
⋅
Bleeping Computer
⋅
The SolarWinds cyberattack: The hack, the victims, and what we know SUNBURST |
| 2020-12-18
⋅
Cloudflare
⋅
A quirk in the SUNBURST DGA algorithm SUNBURST |
| 2020-12-18
⋅
DomainTools
⋅
Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident SUNBURST |
| 2020-12-18
⋅
Kaspersky Labs
⋅
Sunburst: connecting the dots in the DNS requests SUNBURST |
| 2020-12-18
⋅
Elastic
⋅
Combining supervised and unsupervised machine learning for DGA detection SUNBURST |
| 2020-12-18
⋅
ThreatConnect
⋅
Tracking Sunburst-Related Activity with ThreatConnect Dashboards SUNBURST |
| 2020-12-18
⋅
Microsoft
⋅
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers SUNBURST SUPERNOVA TEARDROP UNC2452 |
| 2020-12-18
⋅
Sentinel LABS
⋅
SolarWinds SUNBURST Backdoor: Inside the APT Campaign SUNBURST |
| 2020-12-18
⋅
IBM
⋅
SUNBURST indicator detection in QRadar SUNBURST |
| 2020-12-17
⋅
US-CERT
⋅
Alert (AA20-352A): Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations SUNBURST |
| 2020-12-17
⋅
Microsoft
⋅
A moment of reckoning: the need for a strong and global cybersecurity response SUNBURST |
| 2020-12-17
⋅
Twitter (@megabeets_)
⋅
Tweet on SUNBURST malware discussing some of its evasion techniques SUNBURST |
| 2020-12-17
⋅
McAfee
⋅
Additional Analysis into the SUNBURST Backdoor SUNBURST |
| 2020-12-17
⋅
Youtube (Colin Hardy)
⋅
SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering SUNBURST |
| 2020-12-17
⋅
TRUESEC
⋅
The SolarWinds Orion SUNBURST supply-chain Attack SUNBURST |
| 2020-12-17
⋅
Netresec
⋅
Reassembling Victim Domain Fragments from SUNBURST DNS SUNBURST |
| 2020-12-17
⋅
TrustedSec
⋅
SolarWinds Backdoor (Sunburst) Incident Response Playbook SUNBURST |
| 2020-12-17
⋅
splunk
⋅
Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued SUNBURST |
| 2020-12-17
⋅
Prevasio
⋅
Sunburst Backdoor, Part II: DGA & The List of Victims SUNBURST |
| 2020-12-16
⋅
Github (RedDrip7)
⋅
A script to decode SUNBURST DGA domain SUNBURST |
| 2020-12-16
⋅
ReversingLabs
⋅
SunBurst: the next level of stealth SolarWinds compromise exploited through sophistication and patience SUNBURST |
| 2020-12-16
⋅
Intel 471
⋅
Intel471's full statement on their knowledge of SolarWinds and the cybercriminal underground SUNBURST |
| 2020-12-16
⋅
Twitter (@0xrb)
⋅
List of domain infrastructure including DGA domain used by UNC2452 SUNBURST |
| 2020-12-16
⋅
Twitter (@FireEye)
⋅
Tweet on SUNBURST from FireEye detailing some additional information SUNBURST |
| 2020-12-16
⋅
⋅
Qianxin
⋅
中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解! SUNBURST |
| 2020-12-16
⋅
Microsoft
⋅
SolarWinds Post-Compromise Hunting with Azure Sentinel SUNBURST |
| 2020-12-16
⋅
Bleeping Computer
⋅
FireEye, Microsoft create kill switch for SolarWinds backdoor SUNBURST |
| 2020-12-16
⋅
Cloudflare
⋅
Trend data on the SolarWinds Orion compromise SUNBURST |
| 2020-12-16
⋅
Twitter @cybercdh)
⋅
Tweet on 3 key actions SUNBURST performs as soon as it's invoked SUNBURST |
| 2020-12-16
⋅
Cyborg Security
⋅
SUNBURST: SolarWinds Supply-Chain Attack SUNBURST |
| 2020-12-16
⋅
Pastebin
⋅
Paste of subdomain & DGA domain names used in SolarWinds attack SUNBURST UNC2452 |
| 2020-12-15
⋅
Corelight
⋅
Finding SUNBURST Backdoor with Zeek Logs & Corelight SUNBURST |
| 2020-12-15
⋅
Github (sophos-cybersecurity)
⋅
solarwinds-threathunt Cobalt Strike SUNBURST |
| 2020-12-15
⋅
PICUS Security
⋅
Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach Cobalt Strike SUNBURST |
| 2020-12-15
⋅
Twitter @cybercdh)
⋅
Tweet on CyberChef recipe to extract and decode strings from #SolarWinds malware binaries. SUNBURST |
| 2020-12-15
⋅
Twitter @cybercdh)
⋅
Tweet on some more capabilties of SUNBURST backdoor SUNBURST |
| 2020-12-15
⋅
⋅
360 Threat Intelligence Center
⋅
Operation Falling Eagle-the secret of the most influential supply chain attack in history SUNBURST |
| 2020-12-15
⋅
Cyborg Security
⋅
Threat Hunt Deep Dives: SolarWinds Supply Chain Compromise (Solorigate / SUNBURST Backdoor) SUNBURST |
| 2020-12-15
⋅
Prevasio
⋅
Sunburst Backdoor: A Deeper Look Into The SolarWinds' Supply Chain Malware (Broken link) SUNBURST |
| 2020-12-14
⋅
Twitter (@KimZetter)
⋅
Tweet thread on microsoft report on Solarwind supply chain attack by UNC2452 SUNBURST |
| 2020-12-14
⋅
Cado Security
⋅
Responding to Solarigate SUNBURST |
| 2020-12-14
⋅
Twitter (@ItsReallyNick)
⋅
Tweet on summarizing post-compromise actvity of UNC2452 SUNBURST |
| 2020-12-14
⋅
Twitter (@lordx64)
⋅
Tweet on a one liner to decrypt SUNBURST backdoor SUNBURST |
| 2020-12-14
⋅
FireEye Sunburst KQL Detections SUNBURST |
| 2020-12-14
⋅
splunk
⋅
Using Splunk to Detect Sunburst Backdoor SUNBURST |
| 2020-12-14
⋅
DomainTools
⋅
Unraveling Network Infrastructure Linked to the SolarWinds Hack SUNBURST |
| 2020-12-14
⋅
Volexity
⋅
Dark Halo Leverages SolarWinds Compromise to Breach Organizations SUNBURST |
| 2020-12-14
⋅
Palo Alto Networks Unit 42
⋅
Threat Brief: SolarStorm and SUNBURST Customer Coverage Cobalt Strike SUNBURST |
| 2020-12-14
⋅
Sophos
⋅
Incident response playbook for responding to SolarWinds Orion compromise SUNBURST |
| 2020-12-14
⋅
TrustedSec
⋅
SolarWinds Orion and UNC2452 – Summary and Recommendations SUNBURST |
| 2020-12-14
⋅
Youtube (Ali Hadi)
⋅
Learning about .NET Malware by Going Over the SUNBURST SolarWinds Backdoor SUNBURST |
| 2020-12-14
⋅
Cisco Talos
⋅
Threat Advisory: SolarWinds supply chain attack SUNBURST TEARDROP |
| 2020-12-14
⋅
Symantec
⋅
Sunburst: Supply Chain Attack Targets SolarWinds Users SUNBURST TEARDROP |
| 2020-12-14
⋅
Solarwind
⋅
Security Advisory on SolarWinds Supply chain attack SUNBURST SUPERNOVA |
| 2020-12-14
⋅
Solarwind
⋅
Security Advisory on SolarWinds Supply chain attack FAQ SUNBURST SUPERNOVA |
| 2020-12-13
⋅
Directory: /samples/Exotic/UNC2452/SolarWinds Breach/ SUNBURST |
| 2020-12-13
⋅
Microsoft
⋅
Trojan:MSIL/Solorigate.B!dha SUNBURST |
| 2020-12-13
⋅
CISA
⋅
Active Exploitation of SolarWinds Software SUNBURST |
| 2020-12-13
⋅
Github (fireeye)
⋅
SUNBURST Countermeasures SUNBURST SUPERNOVA TEARDROP UNC2452 |
| 2020-12-13
⋅
FireEye
⋅
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor SUNBURST SUPERNOVA TEARDROP UNC2452 |
| 2020-12-08
⋅
Securonix
⋅
Detecting SolarWinds/SUNBURST/ECLIPSER Supply Chain Attacks SUNBURST |
| 2020-12-01
⋅
FireEye
⋅
Solarwinds Breach Resource Center SUNBURST |
| 2020-01-22
⋅
The malware analyst’s guide to PE timestamps Azorult Gozi IcedID ISFB LOLSnif SUNBURST TEARDROP |