SolarWinds.SUNBURST.Backdoor
Description
This indicates that SUNBURST Backdoor C2 communication was detected in the network.
Outbreak Alert
Signed SolarWinds software containing a planted vulnerability was released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.
Affected Products
SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or 2020.2 HF 1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
This signature's action can be set to "Block" to block this application.
Please use Anti-Virus software to scan and clean the system.
Also follow the latest advisory from the vendor.
https://www.solarwinds.com/securityadvisory
Coverage
| IPS (Regular DB) |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-01-23 | 29.942 | Modified | Sig Added |
| 2021-10-19 | 18.181 | Modified | Sig Added |
| 2021-04-06 | 18.052 | Modified | Sig Added |
| 2021-03-30 | 18.048 | Modified | Sig Added |
| 2021-03-01 | 17.024 | Modified | Sig Added |
| 2021-02-11 | 17.015 | Modified | Sig Added |
| 2021-02-01 | 17.008 | Modified | Sig Added |
| 2021-01-27 | 17.006 | Modified | Sig Added |
| 2021-01-20 | 17.003 | Modified | Sig Added |
| 2021-01-12 | 16.996 | Modified | Sig Added |