来源：

https://us-cert.cisa.gov/ncas/alerts/aa20-352a

https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

摘要：

攻击者在入侵SolarWind后，将官方安装包植入后门，从而实现供应链攻击。

后门组件： SolarWinds.Orion.Core.BusinessLayer.dll

文件基本信息：

md5:B91CE2FA41029F6955BFF20079468448

sha1:76640508B1E7759E548771A5359EAED353BF1EEC

sha256:32519B85C0B422E4656DE6E6C41878E95FD95026267DAAB4215EE59C107D6C77

imphash:D0823F24EA6E7922288E5C17847E38F8

file-version:2019.4.5200.9083

description:SolarWinds.Orion.Core.BusinessLayer

file-type:dynamic-link-library

cpu:32-bit

后门位置：

判断进程哈希是否为17291806236368054941