SolarWinds.SUNBURST.Backdoor
Description
This indicates that SUNBURST Backdoor C2 communication was detected in the network.
Outbreak Alert
Signed SolarWinds software containing a planted vulnerability was released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.
Affected Products
SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or 2020.2 HF 1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
This signature's action can be set to "Block" to block this application.
Please use Anti-Virus software to scan and clean the system.
Also follow the latest advisory from the vendor.
https://www.solarwinds.com/securityadvisory
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2021-10-19 | 18.181 | Sig Added |
2021-04-06 | 18.052 | Sig Added |
2021-03-30 | 18.048 | Sig Added |
2021-03-01 | 17.024 | Sig Added |
2021-02-11 | 17.015 | Sig Added |
2021-02-01 | 17.008 | Sig Added |
2021-01-27 | 17.006 | Sig Added |
2021-01-20 | 17.003 | Sig Added |
2021-01-12 | 16.996 | Sig Added |
2020-12-28 | 16.986 | Default_action:pass:drop |