Source:
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Summary:
After compromising SolarWinds, the attacker planted a backdoor in the official installation package, turning it into a supply-chain attack.
Backdoor component: SolarWinds.Orion.Core.BusinessLayer.dll
File details:
md5:B91CE2FA41029F6955BFF20079468448
sha1:76640508B1E7759E548771A5359EAED353BF1EEC
sha256:32519B85C0B422E4656DE6E6C41878E95FD95026267DAAB4215EE59C107D6C77
imphash:D0823F24EA6E7922288E5C17847E38F8
file-version:2019.4.5200.9083
description:SolarWinds.Orion.Core.BusinessLayer
file-type:dynamic-link-library
cpu:32-bit
Backdoor location:
Checks whether the process hash equals 17291806236368054941
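The hash comparison on the last line is the backdoor's gate on its host process: it only proceeds when the hash of the process it runs in equals 17291806236368054941. As an added example (not code from this page, CISA or FireEye), the Python below recomputes that style of hash so an analyst can confirm which process name a constant pulled from the binary refers to. The algorithm (64-bit FNV-1a of the lowercased name, XORed with 6605813339339102567) and the candidate name solarwinds.businesslayerhost are assumptions taken from public reporting on SUNBURST, not from this page; the script recomputes the match rather than asserting it.

```python
# Added example (not from the original page): recompute the SUNBURST-style
# process-name hash so a defender can confirm which host process name a
# hashed comparison such as 17291806236368054941 refers to.
#
# Assumptions taken from public reporting rather than from this page: the
# backdoor hashes the lowercased process name with 64-bit FNV-1a and XORs the
# result with 6605813339339102567; the expected host process name is
# "solarwinds.businesslayerhost" (.NET's Process.ProcessName has no ".exe").

FNV64_OFFSET_BASIS = 0xCBF29CE484222325
FNV64_PRIME = 0x100000001B3
MASK64 = (1 << 64) - 1

# Assumed from public SUNBURST analysis (not stated on the page).
SUNBURST_XOR_KEY = 6605813339339102567

# Value stated on the page: the hash the backdoor compares the process against.
PAGE_PROCESS_HASH = 17291806236368054941


def fnv1a64(data: bytes) -> int:
    """Standard 64-bit FNV-1a over a byte string."""
    h = FNV64_OFFSET_BASIS
    for b in data:
        h ^= b
        h = (h * FNV64_PRIME) & MASK64
    return h


def sunburst_hash(name: str) -> int:
    """FNV-1a of the lowercased UTF-8 name, XORed with the assumed key."""
    return fnv1a64(name.lower().encode("utf-8")) ^ SUNBURST_XOR_KEY


def resolve_hash(target: int, candidates):
    """Return the (lowercased) first candidate whose hash equals target, or None.

    This is the analyst-side inverse of the malware's check: given a hash
    constant from the binary and a list of plausible names, find the
    plaintext the comparison refers to.
    """
    for name in candidates:
        if sunburst_hash(name) == target:
            return name.lower()
    return None


def page_hash_matches_businesslayerhost() -> bool:
    """True if the assumed algorithm reproduces the page's hash for the
    publicly reported host process name."""
    return sunburst_hash("solarwinds.businesslayerhost") == PAGE_PROCESS_HASH


if __name__ == "__main__":
    # Constructed candidate list: the reported name plus a few benign hosts.
    candidates = ["svchost", "explorer", "SolarWinds.BusinessLayerHost", "w3wp"]
    print("resolved:", resolve_hash(PAGE_PROCESS_HASH, candidates))
    print("assumed algorithm reproduces page hash:",
          page_hash_matches_businesslayerhost())
```

Because the comparison is on a hash rather than a plaintext string, the host-process name never appears in the DLL; resolving the constant this way is how an analyst confirms the gating condition, and the same resolver can be fed other hashed string constants from the sample once the algorithm is known.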