This indicates that SUNBURST Backdoor C2 communication was detected in the network.

description-logoOutbreak Alert

SolarWinds [signed] software containing a planted vulnerability released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.

View the full Outbreak Alert Report

affected-products-logoAffected Products

SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or with 2020.2 HF 1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

This signature's action can be set to "Block" to block this application.
Please use Anti-Virus software to scan and clean the system.
Also follow the latest advisory from the vendor.

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-10-19 18.181 Sig Added
2021-04-06 18.052 Sig Added
2021-03-30 18.048 Sig Added
2021-03-01 17.024 Sig Added
2021-02-11 17.015 Sig Added
2021-02-01 17.008 Sig Added
2021-01-27 17.006 Sig Added
2021-01-20 17.003 Sig Added
2021-01-12 16.996 Sig Added
2020-12-28 16.986 Default_action:pass:drop