SunburstDomainDecoder

Sunburst stages 1 to 3 (passive, associated and active)

Finding Targeted SUNBURST Victims with pDNS

| | 1dbecfd99ku6fi2e5fjb, 2039AFE13E5307A1, 22334A7227544B1E, 4n4vte5gmor7j9lpegsf, 5qbtj04rcbp3tiq8bo6t, associated, avsvmcloud, C2, deftsecurity, DNSSEC, E258332529826721, ext, flag, freescanonline, Netresec, pDNS, SolarWinds, Solorigate, STAGE2, SUNBURST, SunburstDomainDecoder, thedoccloud
Our SunburstDomainDecoder tool can now be used to identify SUNBURST victims that have been explicitly targeted by the attackers. The only input needed is passive DNS (pDNS) data for avsvmcloud.com subdomains. Companies ...
NETRESEC Network Security Blog
SUNBURST Security Applications Chart

Extracting Security Products from SUNBURST DNS Beacons

| | beacon, C2, Carbon Black, CB28867A08967B43, CrowdStrike Falcon, dns, ESET, f-secure, fireeye, SolarWinds, Solorigate, SUNBURST, SunburstDomainDecoder, Windows Defender
The latest version of our SunburstDomainDecoder (v1.7) can be used to reveal which endpoint protection applications that are installed on trojanized SolarWinds Orion deployments. The security application info is extracted from DNS ...
NETRESEC Network Security Blog
SunburstDomainDecoder.exe output showing int.lukoil-international.uz tr.technion.ac.il rst.atlantis-pak.ru ci.dublin.ca.us and mutualofomahabank.com

Reassembling Victim Domain Fragments from SUNBURST DNS

| | .net, 02af7cec58b9a5da1c542b5a32151ba1, avsvmcloud, b91ce2fa41029f6955bff20079468448, backdoor, dns, pDNS, SolarWinds, SolarWinds-Core-v2019.4.5220-Hotfix5.msp, SolarWinds.Orion.Core.BusinessLayer.dll, Solorigate, SUNBURST, SunburstDomainDecoder, trojan
We are releasing a free tool called SunburstDomainDecoder today, which is created in order to help CERT organizations identify victims of the trojanized SolarWinds software update, known as SUNBURST or Solorigate. SunburstDomainDecoder ...
NETRESEC Network Security Blog