Backdoor.Sunburst is Malwarebytes' detection name for a trojanized update to SolarWinds' Orion IT monitoring and management software.
Backdoor.Sunburst is a component of the Orion software framework, digitally signed by SolarWinds, that contains a backdoor communicating over HTTP with third-party servers. It has spread widely across organizations as part of a supply-chain attack. Backdoor.Sunburst uses multiple obfuscated blocklists to identify security and anti-virus tools running as processes, services, and drivers. It stores this information for later stages of an attack.
SHA256 hash: 32519B85C0B422E4656DE6E6C41878E95FD95026267DAAB4215EE59C107D6C77