User Tools

Site Tools


What is it about?

The SolarWinds® Orion Platform is a powerful, scalable infrastructure monitoring and management platform. Recently, it was reported that SolarWinds product Orion was compromised by distributing backdoor software on their software update system.

SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains the backdoor that communicates via HTTP to third party servers also the exploit will be dormant for 1-2 weeks.

The domain avsvmcloud[.]com was the command and control (C&C) server for the backdoor delivered to around 18,000 SolarWinds customers through tainted updates for the SolarWinds Orion app.

Here is the workflow of the malware released by FireEye

wiki/pagename.txt · Last modified: 2021/01/10 11:53 by dk