Botnet C&C

Description

This botnet is a generic detection for a trojan that was involved in the high profile SolarWinds Orion and Fireeye incidence affecting multiple organizations worldwide. More details about this indidence on Supply Chain Attack on SolarWinds Orion Platform.

Symptoms

Some possible symptoms include, but are not limited to:

As this attack a includes a backdoor component, it would be expected to have some communications with its CNC Servers, thus an uncommon network traffic to some suspicious site/CNC combined with a known presence of the affected Solarwind product versions can be attributed to this.

Instructions

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

ID	7630519
Created	Jan 07, 2021
Description Updated	Jan 07, 2021

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Sunburst

Description

Symptoms

Instructions

Telemetry

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Botnet C&C

Sunburst

Description

Symptoms

Instructions

Telemetry

Threat Intelligence
Center