SUNBURST: SolarWinds Supply-Chain Attack
Tags
| attack-pattern: | Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 31690cf0-cc9e-483b-946f-43df1433e337 |
| Fingerprint | 103309c8203d0802 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 16, 2020, 3:56 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | SUNBURST: SolarWinds’ Supply-Chain Attack |
| Title | SUNBURST: SolarWinds Supply-Chain Attack |
| Detected Hints/Tags/Attributes | 35/1/26 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 50 | avsvmcloud.com |
|
| Details | Domain | 19 | deftsecurity.com |
|
| Details | Domain | 18 | freescanonline.com |
|
| Details | Domain | 18 | thedoccloud.com |
|
| Details | Domain | 13 | websitetheme.com |
|
| Details | Domain | 15 | highdatabase.com |
|
| Details | Domain | 16 | incomeupdate.com |
|
| Details | Domain | 15 | databasegalore.com |
|
| Details | Domain | 16 | panhardware.com |
|
| Details | Domain | 14 | zupertech.com |
|
| Details | Domain | 9 | dns.question.name |
|
| Details | Domain | 2 | dns.answer.name |
|
| Details | Domain | 2 | dns.answers.name |
|
| Details | Domain | 32 | file.name |
|
| Details | File | 29 | orion.core |
|
| Details | File | 26 | businesslayer.dll |
|
| Details | File | 13 | businesslayerhost.exe |
|
| Details | File | 4 | apmservicecontrol.exe |
|
| Details | File | 4 | exporttopdfcmd.exe |
|
| Details | File | 4 | webapi.exe |
|
| Details | File | 15 | calculator.exe |
|
| Details | File | 4 | database-maint.exe |
|
| Details | File | 86 | service.exe |
|
| Details | File | 81 | werfault.exe |
|
| Details | File | 49 | process.exe |
|
| Details | File | 12 | parent.exe |