SolarWinds/SUNBURST: DGA or DNS Tunneling?
Tags
cmtmf-attack-pattern: Application Layer Protocol
country: Russia
attack-pattern: Data Application Layer Protocol - T1437 Dns - T1071.004 Dns - T1590.002 Domain Generation Algorithms - T1637.001 Domain Generation Algorithms - T1568.002 Domain Generation Algorithms - T1520 Domain Generation Algorithms - T1483 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Standard Application Layer Protocol - T1071
Show in Graph
Common Information
Type Value
UUID e36206cb-25c1-4422-88a7-0b5f5a7a3fec
Fingerprint b5975d592c9ab6b3
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 21, 2020, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 15, 2024, 12:36 p.m.
Headline SolarWinds/SUNBURST: DGA or DNS Tunneling?
Title SolarWinds/SUNBURST: DGA or DNS Tunneling?
Detected Hints/Tags/Attributes 43/3/3
Source URLs
Redirection Url
Details Source https://www.ironnet.com/blog/a-closer-look-at-the-solarwinds/sunburst-malware-dga-or-dns-tunneling
URL Provider
Details Provider Source level domain
Details ironnet.com www.ironnet.com
Attributes
Details Type #Events CTI Value
Details Domain 194 
drive.google.com
Details Domain 50 
avsvmcloud.com
Details MITRE ATT&CK Techniques 25 
T1568.002