ID 49692
Created Dec 21, 2020
Updated Dec 27, 2021
Severity dark-circle dark-circle dark-circle dark-circle dark-circle
Coverage switch-on-logo IPS (Regular DB)
switch-on-logo IPS (Extended DB)
Default Action drop
Active switch-on-logo
Affected OS Windows
Affected App Other

Legend

Active/Available switch-on-logo
InActive/Not Available switch-off-logo

Update History

Date Version Detail
2021-10-19 18.181 Sig Added
2021-04-06 18.052 Sig Added
2021-03-30 18.048 Sig Added
2021-03-01 17.024 Sig Added
2021-02-11 17.015 Sig Added
2021-02-01 17.008 Sig Added
2021-01-27 17.006 Sig Added
2021-01-20 17.003 Sig Added
2021-01-12 16.996 Sig Added
2020-12-28 16.986 Default_action:pass:drop

Threat Encyclopedia

SolarWinds.SUNBURST.Backdoor

description-logoDescription

This indicates that SUNBURST Backdoor C2 communication was detected in the network.

affected-products-logoAffected Products

SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or with 2020.2 HF 1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

This signature's action can be set to "Block" to block this application.
Please use Anti-Virus software to scan and clean the system.
Also follow the latest advisory from the vendor.
https://www.solarwinds.com/securityadvisory

Other References

https://www.solarwinds.com/securityadvisory

Telemetry logoTelemetry