2021-01-19 | Malwarebytes | Marcin Kleczynski
@online{kleczynski:20210119:malwarebytes:2fe3d7d,
  author       = {Kleczynski, Marcin},
  title        = {{Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments}},
  date         = {2021-01-19},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/},
  language     = {English},
  urldate      = {2021-01-21},
}
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-18 | Symantec | Threat Hunter Team
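@comment{The author is a team, not a person. The inner braces keep it as one literal name; without them it is parsed as given name Threat Hunter and family name Team. The citation key is left unchanged so existing citations still resolve.}
@online{team:20210118:raindrop:9ab1262,
  author       = {{Threat Hunter Team}},
  title        = {{Raindrop: New Malware Discovered in SolarWinds Investigation}},
  date         = {2021-01-18},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware},
  language     = {English},
  urldate      = {2021-01-21},
}
Raindrop: New Malware Discovered in SolarWinds Investigation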
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-01-15 | Symantec | Threat Hunter Team
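@comment{The author is a team, not a person. The inner braces keep it as one literal name; without them it is parsed as given name Threat Hunter and family name Team. The citation key is left unchanged so existing citations still resolve.}
@online{team:20210115:solarwinds:46d0db6,
  author       = {{Threat Hunter Team}},
  title        = {{SolarWinds: Insights into Attacker Command and Control Process}},
  date         = {2021-01-15},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-command-control},
  language     = {English},
  urldate      = {2021-01-21},
}
SolarWinds: Insights into Attacker Command and Control Process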
SUNBURST
2021-01-11 | SolarWinds | Sudhakar Ramakrishna
@online{ramakrishna:20210111:new:296b621,
  author       = {Ramakrishna, Sudhakar},
  title        = {{New Findings From Our Investigation of SUNBURST}},
  date         = {2021-01-11},
  organization = {SolarWinds},
  url          = {https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/},
  language     = {English},
  urldate      = {2021-01-18},
}
New Findings From Our Investigation of SUNBURST
Cobalt Strike SUNBURST TEARDROP
2021-01-08 | splunk | Marcus LaFerrera, John Stoner, Lily Lee, James Brodsky, Ryan Kovar
@online{laferrera:20210108:golden:d31442a,
  author       = {LaFerrera, Marcus and Stoner, John and Lee, Lily and Brodsky, James and Kovar, Ryan},
  title        = {{A Golden SAML Journey: SolarWinds Continued}},
  date         = {2021-01-08},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html},
  language     = {English},
  urldate      = {2021-01-11},
}
A Golden SAML Journey: SolarWinds Continued
SUNBURST
2021-01-07 | Symantec | Threat Hunter Team
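@comment{The author is a team, not a person. The inner braces keep it as one literal name; without them it is parsed as given name Threat Hunter and family name Team. The citation key is left unchanged so existing citations still resolve.}
@online{team:20210107:solarwinds:29f7094,
  author       = {{Threat Hunter Team}},
  title        = {{SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar}},
  date         = {2021-01-07},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-unique-dga},
  language     = {English},
  urldate      = {2021-01-11},
}
SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar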
SUNBURST
2021-01-07 | TRUESEC | Sebastian Olsson
@online{olsson:20210107:avoiding:e492089,
  author       = {Olsson, Sebastian},
  title        = {{Avoiding supply-chain attacks similar to SolarWinds Orion’s (SUNBURST)}},
  date         = {2021-01-07},
  organization = {TRUESEC},
  url          = {https://blog.truesec.com/2021/01/07/avoiding-supply-chain-attacks-similar-to-solarwinds-orions-sunburst},
  language     = {English},
  urldate      = {2021-01-11},
}
Avoiding supply-chain attacks similar to SolarWinds Orion’s (SUNBURST)
SUNBURST
2021-01-06 | Department of Justice | Department of Justice
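@comment{Institutional author. The inner braces keep the name whole; without them it is split into given name Department, particle of and family name Justice. The citation key is left unchanged so existing citations still resolve.}
@online{justice:20210106:department:b7e85eb,
  author       = {{Department of Justice}},
  title        = {{Department of Justice Statement on Solarwinds Update}},
  date         = {2021-01-06},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/opa/pr/department-justice-statement-solarwinds-update},
  language     = {English},
  urldate      = {2021-01-11},
}
Department of Justice Statement on Solarwinds Update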
SUNBURST
2021-01-06 | Github (SentinelLabs) | SentinelLabs
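@comment{The underscore in the title is escaped because a bare underscore in a text field breaks typesetting outside math mode. The url field is verbatim and keeps its underscore as is.}
@online{sentinellabs:20210106:solarwindscountermeasures:c2aa91e,
  author       = {SentinelLabs},
  title        = {{SolarWinds\_Countermeasures}},
  date         = {2021-01-06},
  organization = {Github (SentinelLabs)},
  url          = {https://github.com/SentineLabs/SolarWinds_Countermeasures},
  language     = {English},
  urldate      = {2021-01-11},
}
SolarWinds_Countermeasures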
SUNBURST
2021-01-04 | splunk | John Stoner
@online{stoner:20210104:detecting:c521df9,
  author       = {Stoner, John},
  title        = {{Detecting Supernova Malware: SolarWinds Continued}},
  date         = {2021-01-04},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/detecting-supernova-malware-solarwinds-continued.html},
  language     = {English},
  urldate      = {2021-01-10},
}
Detecting Supernova Malware: SolarWinds Continued
SUPERNOVA
2020-12-31 | IronNet | IronNet
@online{ironnet:20201231:solarwindssunburst:1422ef4,
  author       = {IronNet},
  title        = {{SolarWinds/SUNBURST: Behavioral analytics and Collective Defense in action}},
  date         = {2020-12-31},
  organization = {IronNet},
  url          = {https://www.ironnet.com/blog/solarwinds/sunburst-behavioral-analytics-and-collective-defense-in-action},
  language     = {English},
  urldate      = {2021-01-05},
}
SolarWinds/SUNBURST: Behavioral analytics and Collective Defense in action
SUNBURST
2020-12-30 | Recorded Future | John Wetzel
@techreport{wetzel:20201230:solarwinds:59c847b,
  author       = {Wetzel, John},
  title        = {{SOLARWINDS ATTRIBUTION: Are We Getting Ahead of Ourselves? An Analysis of UNC2452 Attribution}},
  date         = {2020-12-30},
  institution  = {Recorded Future},
  url          = {https://go.recordedfuture.com/hubfs/reports/pov-2020-1230.pdf},
  language     = {English},
  urldate      = {2021-01-05},
}
SOLARWINDS ATTRIBUTION: Are We Getting Ahead of Ourselves? An Analysis of UNC2452 Attribution
SUNBURST
2020-12-26 | Twitter (@MalwareRE) | Ramin Nafisi
@online{nafisi:20201226:active:6d96005,
  author       = {Nafisi, Ramin},
  title        = {{Tweet on active exploitation of 0day vulnerability in the SolarWinds Orion}},
  date         = {2020-12-26},
  organization = {Twitter (@MalwareRE)},
  url          = {https://twitter.com/MalwareRE/status/1342888881373503488},
  language     = {English},
  urldate      = {2021-01-01},
}
Tweet on active exploitation of 0day vulnerability in the SolarWinds Orion
SUPERNOVA
2020-12-26 | CERT.org | Solarwind
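@comment{Title typo fixed: comand is now command. NOTE(review): the author value Solarwind looks mis-attributed, since the url points to the CERT/CC vulnerability notes site. Confirm the publishing body before citing. Author and citation key are left unchanged so existing citations still resolve.}
@online{solarwind:20201226:solarwinds:472d789,
  author       = {Solarwind},
  title        = {{SolarWinds Orion API authentication bypass allows remote command execution (CVE-2020-10148)}},
  date         = {2020-12-26},
  organization = {CERT.org},
  url          = {https://kb.cert.org/vuls/id/843464},
  language     = {English},
  urldate      = {2021-01-01},
}
SolarWinds Orion API authentication bypass allows remote command execution (CVE-2020-10148)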
2020-12-23 | Qianxin | Qi AnXin CERT
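@comment{Organisational author. The inner braces keep Qi AnXin CERT as one literal name instead of a given name plus the family name CERT. The title is UTF-8 and needs a Unicode-aware backend such as Biber. The citation key is left unchanged so existing citations still resolve.}
@online{cert:20201223:solarwindsapt:a237c40,
  author       = {{Qi AnXin CERT}},
  title        = {{从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战}},
  date         = {2020-12-23},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/UqXC1vovKUu97569LkYm2Q},
  language     = {Chinese},
  urldate      = {2020-12-23},
}
从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战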
SUNBURST
2020-12-23 | Sentinel LABS | Marco Figueroa, James Haughom, Jim Walter
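@comment{The ampersand in the title is escaped because a bare ampersand in a text field is an alignment character and breaks typesetting. NOTE(review): entry figueroa:20201223:solarwinds:993b625 has the same authors, title and date under a different url, so this is presumably a duplicate record of one article. Confirm and cite only one.}
@online{figueroa:20201223:solarwinds:ff463f0,
  author       = {Figueroa, Marco and Haughom, James and Walter, Jim},
  title        = {{SolarWinds | Understanding \& Detecting the SUPERNOVA Webshell Trojan}},
  date         = {2020-12-23},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/solarwinds-understanding-detecting-the-supernova-webshell-trojan/},
  language     = {English},
  urldate      = {2020-12-26},
}
SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan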
SUPERNOVA
2020-12-23 | Prevasio | Sergei Shevchenko
@techreport{shevchenko:20201223:dns:0f3f013,
  author       = {Shevchenko, Sergei},
  title        = {{DNS Tunneling In The SolarWinds Supply Chain Attack}},
  date         = {2020-12-23},
  institution  = {Prevasio},
  url          = {https://prevasio.com/static/web/viewer.html?file=/static/Anatomy_Of_SolarWinds_Supply_Chain_Attack.pdf},
  language     = {English},
  urldate      = {2021-01-01},
}
DNS Tunneling In The SolarWinds Supply Chain Attack
SUNBURST
2020-12-23 | Sentinel LABS | Marco Figueroa, James Haughom, Jim Walter
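@comment{The ampersand in the title is escaped because a bare ampersand in a text field is an alignment character and breaks typesetting. NOTE(review): entry figueroa:20201223:solarwinds:ff463f0 has the same authors, title and date under a different url, so this is presumably a duplicate record of one article. Confirm and cite only one.}
@online{figueroa:20201223:solarwinds:993b625,
  author       = {Figueroa, Marco and Haughom, James and Walter, Jim},
  title        = {{SolarWinds | Understanding \& Detecting the SUPERNOVA Webshell Trojan}},
  date         = {2020-12-23},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/solarwinds-understanding-detecting-the-supernova-webshell-trojan},
  language     = {English},
  urldate      = {2022-07-25},
}
SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan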
SUPERNOVA BRONZE SPIRAL
2020-12-22 | Zscaler | Zscaler
@online{zscaler:20201222:hitchhikers:1875e0b,
  author       = {Zscaler},
  title        = {{The Hitchhiker’s Guide to SolarWinds Incident Response}},
  date         = {2020-12-22},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/hitchhikers-guide-solarwinds-incident-response},
  language     = {English},
  urldate      = {2021-01-10},
}
The Hitchhiker’s Guide to SolarWinds Incident Response
SUNBURST
2020-12-22 | FBI | FBI
@comment{NOTE(review): the url is a Google Drive share link, not an FBI-hosted location. Confirm the document against an officially distributed copy before relying on its content.}
@online{fbi:20201222:pin:ea37578,
  author       = {FBI},
  title        = {{PIN Number 20201222-001: Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities}},
  date         = {2020-12-22},
  organization = {FBI},
  url          = {https://drive.google.com/file/d/1R79Q1oC18GmKK8FYBoYEt0vYF7SpsvQI/view},
  language     = {English},
  urldate      = {2020-12-26},
}
PIN Number 20201222-001: Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities
SUNBURST