avsvmcloud

Were you targeted by SUNBURST? Image credit: NASA

Robust Indicators of Compromise for SUNBURST

| | 22334A7227544B1E, avsvmcloud, avsvmcloud.com, CNAME, Cobalt Strike, dns, Indicators, IOC, NetBIOS, Palo Alto, paloaltonetworks, SolarStorm, SolarWinds, STAGE2, SUNBURST
There has been a great deal of confusion regarding what network based Indicators of Compromise (IOC) SolarWinds Orion customers can use to self assess whether or not they have been targeted after ...
NETRESEC Network Security Blog
Sunburst stages 1 to 3 (passive, associated and active)

Finding Targeted SUNBURST Victims with pDNS

| | 1dbecfd99ku6fi2e5fjb, 2039AFE13E5307A1, 22334A7227544B1E, 4n4vte5gmor7j9lpegsf, 5qbtj04rcbp3tiq8bo6t, associated, avsvmcloud, C2, deftsecurity, DNSSEC, E258332529826721, ext, flag, freescanonline, Netresec, pDNS, SolarWinds, Solorigate, STAGE2, SUNBURST, SunburstDomainDecoder, thedoccloud
Our SunburstDomainDecoder tool can now be used to identify SUNBURST victims that have been explicitly targeted by the attackers. The only input needed is passive DNS (pDNS) data for avsvmcloud.com subdomains. Companies ...
NETRESEC Network Security Blog
SunburstDomainDecoder.exe output showing int.lukoil-international.uz tr.technion.ac.il rst.atlantis-pak.ru ci.dublin.ca.us and mutualofomahabank.com

Reassembling Victim Domain Fragments from SUNBURST DNS

| | .net, 02af7cec58b9a5da1c542b5a32151ba1, avsvmcloud, b91ce2fa41029f6955bff20079468448, backdoor, dns, pDNS, SolarWinds, SolarWinds-Core-v2019.4.5220-Hotfix5.msp, SolarWinds.Orion.Core.BusinessLayer.dll, Solorigate, SUNBURST, SunburstDomainDecoder, trojan
We are releasing a free tool called SunburstDomainDecoder today, which is created in order to help CERT organizations identify victims of the trojanized SolarWinds software update, known as SUNBURST or Solorigate. SunburstDomainDecoder ...
NETRESEC Network Security Blog