W32/Sunburst.A!tr
Analysis
W32/Sunburst.A!tr is a generic detection for a trojan involved in the high-profile SolarWinds Orion and FireEye incident, which affected multiple organizations worldwide.
More details about this incident: Supply Chain Attack on SolarWinds Orion Platform
Outbreak Alert
Code-signed SolarWinds software containing a planted backdoor was released in March 2020 as a regular (trusted) software update. The backdoor was not discovered until the FireEye breach became public nine months later.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
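The second recommended action above (quarantine what is detected, restore from clean copies) is easy to do incompletely by hand. The following script, added here as an example and not Fortinet code, walks a known-clean backup tree, hashes each file against its deployed counterpart with SHA-256, moves every mismatched or unexpected-content file into a quarantine directory, and copies the clean file back into place. The directory names, the `demo()` sample tree and the file contents are constructed for the example; it assumes the backup was taken from a source that predates the compromise (for instance a vendor installer extracted offline), because a backup made after a trojanized update would simply preserve the trojan.

```python
"""Verify a deployed tree against clean backup copies and replace mismatches.

Added example for this page (not Fortinet code). Assumes `backup` is a
known-clean tree taken before the compromise; every file in it is compared
by SHA-256 with its counterpart in `deployed`.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def restore_from_backup(deployed: Path, backup: Path, quarantine: Path) -> dict:
    """Compare every file under `backup` with the same relative path under
    `deployed`. A file whose hash differs is moved to `quarantine` (kept for
    forensics rather than deleted) and replaced with the clean copy; a file
    missing from `deployed` is restored. Returns {relative_path: status}."""
    quarantine.mkdir(parents=True, exist_ok=True)
    report = {}
    for clean in backup.rglob("*"):
        if not clean.is_file():
            continue
        rel = clean.relative_to(backup)
        target = deployed / rel
        if target.is_file() and sha256_of(target) == sha256_of(clean):
            report[rel.as_posix()] = "clean"
            continue
        if target.is_file():
            # Preserve the suspect file under its original relative path.
            qdest = quarantine / rel
            qdest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(target), str(qdest))
            report[rel.as_posix()] = "quarantined+replaced"
        else:
            report[rel.as_posix()] = "missing+restored"
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(clean, target)
    return report


def demo() -> dict:
    """Constructed sample: one intact DLL, one tampered DLL, one missing DLL.
    The bytes are placeholders, not real SolarWinds binaries."""
    root = Path(tempfile.mkdtemp())
    backup, deployed, quarantine = root / "backup", root / "deployed", root / "quarantine"
    (backup / "Orion").mkdir(parents=True)
    (deployed / "Orion").mkdir(parents=True)
    (backup / "Orion" / "a.dll").write_bytes(b"clean-bytes-A")
    (deployed / "Orion" / "a.dll").write_bytes(b"clean-bytes-A")
    (backup / "Orion" / "b.dll").write_bytes(b"clean-bytes-B")
    (deployed / "Orion" / "b.dll").write_bytes(b"clean-bytes-B-with-extra-code")
    (backup / "Orion" / "c.dll").write_bytes(b"clean-bytes-C")
    report = restore_from_backup(deployed, backup, quarantine)
    # After restoration every file in the report must match the backup exactly.
    assert all(sha256_of(deployed / p) == sha256_of(backup / p) for p in report)
    assert (quarantine / "Orion" / "b.dll").is_file()
    return report


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:22s} {path}")
```

Because the trojanized component in this incident carried a valid SolarWinds code signature, a passing Authenticode check does not prove a file is clean; a byte-for-byte comparison against a known-good copy, or against vendor-published hashes, is the check that actually distinguishes the backdoored build from the legitimate one.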
Telemetry
Detection Availability

Product | Detection Availability
---|---
FortiGate |
FortiClient |
FortiAPS |
FortiAPU |
FortiMail |
FortiSandbox |
FortiWeb |
Web Application Firewall |
FortiIsolator |
FortiDeceptor |
FortiEDR |