SolarWinds SUNBURST Backdoor: Inside the APT Campaign - SentinelLabs
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | e42b1d2c-1f10-485c-8434-c2b5883f6a49 |
| Fingerprint | a518b11539e10d87 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 18, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 12, 2024, 11:53 a.m. |
| Headline | SolarWinds SUNBURST Backdoor: Inside the APT Campaign |
| Title | SolarWinds SUNBURST Backdoor: Inside the APT Campaign - SentinelLabs |
| Detected Hints/Tags/Attributes | 34/1/21 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 50 | avsvmcloud.com |
|
| Details | File | 5 | sentinelmonitor.sys |
|
| Details | File | 1 | fnva_hash_s1.exe |
|
| Details | File | 5 | cybkerneltracker.sys |
|
| Details | File | 5 | atrsdfw.sys |
|
| Details | File | 5 | eaw.sys |
|
| Details | File | 4 | rvsavd.sys |
|
| Details | File | 5 | dgdmk.sys |
|
| Details | File | 4 | hexisfsmonitor.sys |
|
| Details | File | 6 | groundling32.sys |
|
| Details | File | 4 | groundling64.sys |
|
| Details | File | 4 | safe-agent.sys |
|
| Details | File | 5 | crexecprev.sys |
|
| Details | File | 4 | psepfilter.sys |
|
| Details | File | 5 | cve.sys |
|
| Details | File | 5 | brfilter.sys |
|
| Details | File | 5 | brcow_x_x_x_x.sys |
|
| Details | File | 4 | lragentmf.sys |
|
| Details | File | 4 | libwamf.sys |
|
| Details | File | 29 | orion.core |
|
| Details | File | 13 | businesslayerhost.exe |