PULSE NAME
Dark Halo Leverages SolarWinds Compromise to Breach Organizations | Volexity
WHITE hermione 2022-12-06 Modified: 2023-01-05
22 IOCs
MEDIUM VOLUME
Volexity is releasing additional research and indicators associated with a breach involving the SolarWinds Orion software platform, as well as a series of other incidents involving a threat actor known as Dark Halo.
Indicators of Compromise (22)