← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
WHITE AlienVault 2021-01-20 Modified: 2021-02-11
40
IOCs
MEDIUM VOLUME
A month after the Solorigate cyber-attack, Microsoft has published further details of the sophisticated and protracted intrusion attack that began on 1 January and continues to spread throughout the company's network and beyond.
SolorigateSUNBURSTTEARDROPRaindropSolarwinds
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Raindrop Teardrop SUNBURST Cobalt Strike - S0154
Indicators of Compromise (40)
All FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 118189f90da3788362fe85eafa555298423e21ec37f147f3bf88c61d4cd46c51 2021-01-20
FileHash-SHA256 1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c 2021-01-20
FileHash-SHA256 1ec138f21a315722fb702706b4bdc0f544317f130f4a009502ec98345f85e4ad 2021-01-20
FileHash-SHA256 2a276f4b11f47f81dd2bcb850a158d4202df836769da5a23e56bf0353281473e 2021-01-20
FileHash-SHA256 327f1d94bc26779cbe20f8689be12c7eee2e390fbddb40b92ad00b1cddfd6426 2021-01-20
FileHash-SHA256 3985dea8e467c56e8cc44ebfc201253ffee923765d12808aaf17db2c644c4c06 2021-01-20
FileHash-SHA256 557f91404fb821d7c1e98d9f2f5296dc12712fc19c87a84602442b4637fb23d4 2021-01-20
FileHash-SHA256 5cf85c3d18cd6dba8377370883a0fffda59767839156add4c8912394f76d6ef0 2021-01-20
FileHash-SHA256 5f8650ca0ed22ad0d4127eb4086d4548ec31ad035c7aec12c6e82cb64417a390 2021-01-20
FileHash-SHA256 674075c8f63c64ad5fa6fd5e2aa6e4954afae594e7b0f07670e4322a60f3d0cf 2021-01-20
FileHash-SHA256 6ff3a4f7fd7dc793e866708ab0fe592e6c08156b1aa3552a8d74e331f1aea377 2021-01-20
FileHash-SHA256 7c68f8d80fc2a6347da7c196d5f91861ba889afb51a4da4a6c282e06ef5bdb7e 2021-01-20
FileHash-SHA256 915705c09b4bd108bcd123fe35f20a16d8c9c7d38d93820e8c167695a890b214 2021-01-20
FileHash-SHA256 948bfdfad43ad52ca09890a4d2515079c29bdfe02edaa53e7d92858aa2dfbe4c 2021-01-20
FileHash-SHA256 955609cf0b4ea38b409d523a0f675d8404fee55c458ad079b4031e02433fdbf3 2021-01-20
FileHash-SHA256 b348546f4c6a9bcafd81015132f09cf8313420eb653673bf3d65046427b1167f 2021-01-20
FileHash-SHA256 b35e0010e0734fcd9b5952ae93459544ae33485fe0662fae715092e0dfb92ad3 2021-01-20
FileHash-SHA256 b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07 2021-01-20
FileHash-SHA256 be9dbbec6937dfe0a652c0603d4972ba354e83c06b8397d6555fd1847da36725 2021-01-20
FileHash-SHA256 c5a818d9b95e1c548d6af22b5e8663a2410e6d4ed87df7f9daf7df0ef029872e 2021-01-20
FileHash-SHA256 c741797dd400de5927f8b5317165fc755d6439749c39c380a1357eac0a00f90c 2021-01-20
FileHash-SHA256 c7924cc1bc388cfcdc2ee2472899cd34a2ef4414134cbc23a7cb530650f93d98 2021-01-20
FileHash-SHA256 c96b7a3c9acf704189ae8d6124b5a7b1f0e8c83c246b59bc5ff15e17b7de4c84 2021-01-20
FileHash-SHA256 cbbe224d9854d6a4269ed2fa9b22d77681f84e3ca4e5d6891414479471f5ca68 2021-01-20
FileHash-SHA256 cdd9b4252ef2f6e64bccc91146ec5dc51d94e2761184cd0ffa9909aa739fa17e 2021-01-20
FileHash-SHA256 dbd26ccb3699f426dc6799e218b91d1a3c1d08ad3006bc2880e29c755a4e2338 2021-01-20
FileHash-SHA256 e60e1bb967db273b922deeea32d56fc6d9501a236856ef9a3e5f76c1f392000a 2021-01-20
FileHash-SHA256 f2d38a29f6727f4ade62d88d8a68de0d52a0695930b8c92437a2f9e4de92e418 2021-01-20
FileHash-SHA256 f61a37aa8581986ba600286d65bb76100fb44e347e253f1f5ad50051e5f882f5 2021-01-20
FileHash-SHA256 f81987f1484bfe5441be157250b35b0a2d7991cf9272fa4eacd3e9f0dee235de 2021-01-20
domain aimsecurity.net 2021-01-20
domain datazr.com 2021-01-20
domain ervsystem.com 2021-01-20
domain financialmarket.org 2021-01-20
domain gallerycenter.org 2021-01-20
domain infinitysoftwares.com 2021-01-20
domain mobilnweb.com 2021-01-20
domain olapdatabase.com 2021-01-20
domain swipeservice.com 2021-01-20
domain techiefly.com 2021-01-20
References (2)
↗ https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/ ↗ https://us-cert.cisa.gov/ncas/analysis-reports/ar21-039b