W32/Sunburst.A!tr

Analysis

W32/Sunburst.A!tr is a generic detection for a trojan that was involved in the high-profile SolarWinds Orion and FireEye incidents affecting multiple organizations worldwide.
More details about this incident are available in "Supply Chain Attack on SolarWinds Orion Platform".

Outbreak Alert

SolarWinds [signed] software containing a planted vulnerability was released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.

View the full Outbreak Alert Report

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-12-08 91.09537
2023-07-25 91.05424
2021-12-07 89.07553
2021-08-04 88.00129
2021-08-03 88.00101
2021-07-06 87.00429
2021-06-29 87.00261
2021-05-19 86.00293
2021-04-22 85.00632
2021-04-22 85.00630