wiki:pagename
What is it about?
The SolarWinds® Orion Platform is a powerful, scalable infrastructure monitoring and management platform. Recently, it was reported that SolarWinds product Orion was compromised by distributing backdoor software on their software update system.
SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains the backdoor that communicates via HTTP to third party servers also the exploit will be dormant for 1-2 weeks.
The domain avsvmcloud[.]com was the command and control (C&C) server for the backdoor delivered to around 18,000 SolarWinds customers through tainted updates for the SolarWinds Orion app.
Here is the workflow of the malware released by FireEye
Here are some external links to get started
wiki/pagename.txt · Last modified: 2021/01/10 11:53 by dk