SolarWinds Attacks: Stealthy Attackers Attempted To Evade Detection
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | d682e401-aa2b-42d5-a4dc-50873f925407 |
| Fingerprint | c28369d83825828f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 21, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 12, 2024, 11:53 a.m. |
| Headline | SolarWinds Attacks: Stealthy Attackers Attempted To Evade Detection |
| Title | SolarWinds Attacks: Stealthy Attackers Attempted To Evade Detection |
| Detected Hints/Tags/Attributes | 46/1/22 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 11 | api.solarwinds.com |
|
| Details | Domain | 3 | lab.na |
|
| Details | Domain | 3 | lab.rio |
|
| Details | File | 29 | orion.core |
|
| Details | File | 5 | cybkerneltracker.sys |
|
| Details | File | 5 | atrsdfw.sys |
|
| Details | File | 5 | eaw.sys |
|
| Details | File | 4 | rvsavd.sys |
|
| Details | File | 5 | dgdmk.sys |
|
| Details | File | 5 | sentinelmonitor.sys |
|
| Details | File | 4 | hexisfsmonitor.sys |
|
| Details | File | 6 | groundling32.sys |
|
| Details | File | 4 | groundling64.sys |
|
| Details | File | 4 | safe-agent.sys |
|
| Details | File | 5 | crexecprev.sys |
|
| Details | File | 4 | psepfilter.sys |
|
| Details | File | 5 | cve.sys |
|
| Details | File | 5 | brfilter.sys |
|
| Details | File | 5 | brcow_x_x_x_x.sys |
|
| Details | File | 4 | lragentmf.sys |
|
| Details | File | 4 | libwamf.sys |
|
| Details | File | 1 | ybkerneltracker.sys |