What is it about?

The SolarWinds® Orion Platform is a powerful, scalable infrastructure monitoring and management platform. Recently, it was reported that the SolarWinds Orion product was compromised: backdoored software was distributed to customers through its own software update system.

SolarWinds.Orion.Core.BusinessLayer.dll is a digitally signed SolarWinds component of the Orion software framework that contains the backdoor. The backdoor communicates over HTTP with third-party servers, and it stays dormant for 1-2 weeks before becoming active.

The domain avsvmcloud[.]com was the command and control (C&C) server for the backdoor, which was delivered to around 18,000 SolarWinds customers through tainted updates to the SolarWinds Orion application.
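Because the C&C domain is known, the most direct detection is to look for DNS queries to it or to any subdomain of it, with a label-entropy heuristic for the DGA-style subdomains such backdoors generate. The following is an added example for defenders (not code from the write-up, FireEye or Microsoft); the DNS log format, the sample log lines and the entropy thresholds are constructed assumptions.

```python
import math
from collections import Counter

# C2 domain named in the write-up (de-fanged there as avsvmcloud[.]com).
C2_DOMAIN = "avsvmcloud.com"
# DGA-label heuristic thresholds: assumed values, tune them for your environment.
MIN_LABEL_LEN = 16
ENTROPY_THRESHOLD = 3.0

# Constructed sample DNS query log (not real telemetry), one query per line:
# "<timestamp> <client-ip> <queried-name>". The random-looking labels are made up.
SAMPLE_DNS_LOG = """\
2020-12-14T10:01:02Z 10.0.0.5 www.solarwinds.com
2020-12-14T10:01:09Z 10.0.0.5 k5kcubuassl3alrf7gm3.avsvmcloud.com
2020-12-14T10:02:11Z 10.0.0.7 updates.example.org
2020-12-14T10:03:45Z 10.0.0.9 0bhq6wzdcv1p8t3xn4la.avsvmcloud.com
2020-12-14T10:04:00Z 10.0.0.5 mail.example.org
2020-12-14T10:05:30Z 10.0.0.7 ab1cd2ef3gh4ij5kl6mn.example.org
"""

def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a DNS label (higher = more random-looking)."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def is_under_c2_domain(name: str) -> bool:
    """True if the queried name is the known C2 domain or any subdomain of it."""
    name = name.lower().rstrip(".")
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)

def looks_like_dga_label(name: str) -> bool:
    """Heuristic: a long, high-entropy leftmost label is typical of DGA output."""
    label = name.split(".")[0]
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= ENTROPY_THRESHOLD

def analyze_dns_log(log_text: str) -> list:
    """Return (timestamp, client, name, reason) for every suspicious query."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of crashing on them
        ts, client, name = parts
        if is_under_c2_domain(name):
            alerts.append((ts, client, name, "known-c2-domain"))
        elif looks_like_dga_label(name):
            alerts.append((ts, client, name, "dga-like-label"))
    return alerts
```

Run `analyze_dns_log(SAMPLE_DNS_LOG)` to get the three flagged queries: the two under the known C2 domain and one DGA-like label under an unrelated domain. Matching on the exact domain keeps look-alike names such as notavsvmcloud.com from being flagged.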

Here is the workflow of the malware, as published by FireEye:

FireEye threat research about Sunburst

Sunburst malware

Microsoft security

Domain generation algorithm