Only 1 / 67 antivirus engines list SUNBURST backdoor as malicious - SolarWinds.Orion.Core.BusinessLayer.dll #SUNBURST #UNC2452

SolarWinds' digital certificate hasn't been revoked yet.
The full compromised package is still being hosted online as well 😓 hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20574/SolarWinds-Core-v2019.4.5220-Hotfix5.msp
Job class within the backdoored #Sunburst DLL is pretty straightforward and aligns with @FireEye's analysis. CollectSystemDescription:
#UNC2452 prefers MD5 for their file hashing routine
#UNC2452's DirList is savvy enough to always expand environment variables. Doesn't appear to have any recursion or depth arguments for DirWalk'ing.
Use of token manipulation was underwhelming. Sets process privilege to SeTakeOwnershipPrivilege, SeRestorePrivilege, and SeShutdownPrivilege.
Domain1 =
(just like the report said). Thus far all analysis has held up (no real surprise there).
One of the anomalous #SUNBURST DLLs from October 2019 that Microsoft highlighted can be found in the SolarWinds Coreinstall.msi for 2019.4.5220.20161 - hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20161/CoreInstaller.msi
Malicious #SUNBURST DLL CE77D116A074DAB7A22A0FD4F2C1AB475F16EEC42E1DED3C0B0AA8211FE858D6 from May 2020 can be found in CoreInstaller.msi for 2020.2.5320.27438 - hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2020.2/2020.2.5320.27438/CoreInstaller.msi
Malicious #SUNBURST DLL 019085A76BA7126FFF22770D71BD901C325FC68AC55AA743327984E89F4B0134 from April 2020 can be found in CoreInstaller.msi for 2020.2.5220.27327 - hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2020.2/2020.2.5220.27327/CoreInstaller.msi
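The thread gives two SHA-256 hashes for backdoored SolarWinds.Orion.Core.BusinessLayer.dll builds and notes that the backdoor itself hashes files with MD5. The script below is an added example (not the thread author's code, not FireEye's, and not SolarWinds tooling) that a defender could run against local Orion DLLs: it hashes each file in chunks, compares the SHA-256 against the IoC set from the thread, and reports MD5 alongside for correlation with artifacts the backdoor produced. The file names, the temp-dir demo and the sample bytes are constructed for illustration; the only real values are the two hashes quoted above.

```python
"""Check local SolarWinds Orion DLLs against the SUNBURST SHA-256 IoCs above."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable

# SHA-256 hashes of the two backdoored SolarWinds.Orion.Core.BusinessLayer.dll
# builds named in the thread (May 2020 and April 2020 samples), lower-cased.
KNOWN_SUNBURST_SHA256 = {
    "ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6",
    "019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134",
}


def file_digests(data: bytes) -> Dict[str, str]:
    """Return MD5 and SHA-256 hex digests of a blob.

    SHA-256 is what published IoC lists use and what the matching below keys on.
    MD5 is reported alongside only because the backdoor hashes files with MD5,
    so an MD5 is handy when correlating with strings or logs it produced.
    """
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def classify_digest(sha256_hex: str, known: Iterable[str] = KNOWN_SUNBURST_SHA256) -> str:
    """'known-sunburst' if the digest is in the IoC set, else 'no-match'.
    Comparison is case-insensitive because feeds publish hashes in mixed case."""
    known_lower = {h.lower() for h in known}
    return "known-sunburst" if sha256_hex.lower() in known_lower else "no-match"


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so multi-megabyte DLLs are not read whole."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_paths(paths: Iterable[Path], known: Iterable[str] = KNOWN_SUNBURST_SHA256) -> Dict[str, str]:
    """Map each path to its verdict; unreadable files are reported, not silently skipped."""
    results: Dict[str, str] = {}
    for p in paths:
        p = Path(p)
        try:
            results[str(p)] = classify_digest(sha256_of_file(p), known)
        except OSError as exc:
            results[str(p)] = f"error: {exc.__class__.__name__}"
    return results


def demo_scan() -> Dict[str, str]:
    """Write two constructed files to a temp dir (no real DLL is shipped here):
    one benign blob and one whose hash is deliberately added to the IoC set,
    then scan both. Returns verdicts keyed by file name."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "benign.dll"      # constructed name
        flagged = Path(tmp) / "flagged.dll"    # constructed name
        benign.write_bytes(b"constructed benign sample")
        flagged.write_bytes(b"constructed sample standing in for a backdoored DLL")
        ioc_set = set(KNOWN_SUNBURST_SHA256) | {sha256_of_file(flagged)}
        results = scan_paths([benign, flagged], ioc_set)
    return {Path(k).name: v for k, v in results.items()}


if __name__ == "__main__":
    import sys
    targets = [Path(a) for a in sys.argv[1:]]
    out = scan_paths(targets) if targets else demo_scan()
    for name, verdict in out.items():
        print(f"{verdict:16} {name}")
```

Run it with the paths of the Orion DLLs to check (or with no arguments for the constructed demo). A "no-match" verdict only means the file is not one of the two samples listed in the thread; the full IoC set from the FireEye write-up is larger, so extend `KNOWN_SUNBURST_SHA256` from that source before relying on the result.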

More from Internet

The Internet and mobile phones have taken over our lives. But it comes with increasing security concerns. Website data breaches, phishing attacks, and other online scams are commonplace. Here's a thread for regular people on how to increase your security online.

Go to your Google account settings. Revoke permissions from all the apps you don't use:

Also check if any app has access to your contacts or - gasp! - your entire email. Strongly reconsider both, especially access to your email.

Giving access to your contacts lets companies spam those people.

Giving access to your email - email organising apps, for instance - renders your online security meaningless. Password resets are often done with email, and if an external entity can access that, game over!

Go to your Twitter account settings and revoke permissions from all the apps you don't use or trust:

Online quizzes and such sites often ask for permission to post tweets for you, read your tweets, and even your DMs!

People click "OK" without reading the fine print.

But imagine the security and privacy risk with having some unknown entity be able to post tweets and read your private DMs just to post the results of what Game of Thrones character you are.

You May Also Like

There are some amazing founders and indie hackers that have made 🤯-worthy progress this last year.

The stuff you can do in a year is seriously astounding 👇

👉 @TransistorFM reaching $22k MRR in one year:

I was one of their first customers and the progress @mijustin and @jonbuda have made working mostly part-time has been crazy.

Now both are full-time. Follow them on @buildyoursaas

👉 @talk2oneup reaching $10k MRR in one year:

@daviswbaer joined as a co-founder and through many different marketing tactics, pricing changes, and product updates, they've managed to carve out a niche market in a really competitive industry.

👉 @hostifi_net $9k MRR in one year:

After getting fired from his full-time job, @_rchase_ embarked on a year focused on building products to replace his salary in a year.

The dude seriously SHIPS and even took investment from @earnestcapital
With a strong product, continuous improvement, and SEO, @unindie has really been inspirational.

There are no excuses.

Really enjoyed digging into recent innovations in the football analytics industry.

>10 hours of interviews for this w/ a dozen or so of top firms in the game. Really grateful to everyone who gave up time & insights, even those that didn't make final cut 🙇‍♂️

For avoidance of doubt, leading tracking analytics firms are now well beyond Voronoi diagrams, using more granular measures to assess control and value of space.

This @JaviOnData & @LukeBornn paper from 2018 referenced in the piece demonstrates one method

Bit of this that I nerded out on the most is "ghosting" — technique used by @counterattack9 & co @stats_insights, among others.

Deep learning models predict how specific players — operating w/in specific setups — will move & execute actions. A paper here:

So many use-cases:
1/ Quickly & automatically spot situations where opponent's defence is abnormally vulnerable. Drill those to death in training.
2/ Swap target player B in for current player A, and simulate. How does target player strengthen/weaken team? In specific situations?