SolarWinds Orion and UNC2452 - Summary and Recommendations - TrustedSec
Tags
| cmtmf-attack-pattern: | Supply Chain Compromise |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Supply Chain Compromise - T1474 Supply Chain Compromise - T1195 Supply Chain Compromise |
Common Information
| Type | Value |
|---|---|
| UUID | e617bd06-756f-4ab6-84f9-0c37544a0545 |
| Fingerprint | d216d941e2ed164 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 14, 2020, 9:36 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | SolarWinds Orion and UNC2452 – Summary and Recommendations |
| Title | SolarWinds Orion and UNC2452 - Summary and Recommendations - TrustedSec |
| Detected Hints/Tags/Attributes | 49/3/16 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 34 | msrc-blog.microsoft.com |
|
| Details | Domain | 43 | www.solarwinds.com |
|
| Details | File | 4 | evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html |
|
| Details | Github username | 21 | fireeye |
|
| Details | md5 | 1 | 32603e0c87d84085b081f99a33fe5f4d |
|
| Details | md5 | 1 | 62A998B9753957D82BC0F07005D38368 |
|
| Details | Mandiant Uncategorized Groups | 97 | UNC2452 |
|
| Details | Url | 1 | https://support.solarwinds.com/successcenter/s/article/determine-which-version-of-a-solarwinds-orion-product-i-have-installed?language=en_us |
|
| Details | Url | 1 | https://support.solarwinds.com/successcenter/s/article/verify-hotfixes-that-have-been-installed?language=en_us |
|
| Details | Url | 1 | https://github.com/fireeye/sunburst_countermeasures |
|
| Details | Url | 4 | https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html |
|
| Details | Url | 3 | https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations |
|
| Details | Url | 6 | https://www.solarwinds.com/securityadvisory |
|
| Details | Url | 1 | https://www.solarwinds.com/-/media/solarwinds/swdcv2/landing-pages/trust-center/resources/secure-configuration-in-the-orion-platform.ashx?rev=32603e0c87d84085b081f99a33fe5f4d&hash=62a998b9753957d82bc0f07005d38368 |