Backdoor.Sunburst

Malwarebytes Detections: Malware

Short bio

Backdoor.Sunburst is Malwarebytes’ detection name for a trojanized update to SolarWind’s Orion IT monitoring and management software.

Type and source of infection

Backdoor.Sunburst is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. Backdoor.Sunburst has been widespread across organizations in a supply-chain attack.
Backdoor.Sunburst uses multiple obfuscated blocklists to identify security and anti-virus tools running as processes, services, and drivers. It stores this information for later stages of an attack.

Protection

Malwarebytes protects users from Backdoor.Sunburst by using real-time protection.

block Backdoor.Sunburst

Malwarebytes blocks Backdoor.Sunburst

Business remediation

How to remove Backdoor.Sunburst with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Traces/IOCs

SHA256 hash: 32519B85C0B422E4656DE6E6C41878E95FD95026267DAAB4215EE59C107D6C77

Silouette of person
Contributors

See all threats
Threat Center

Malwarebytes Podcast
Podcast

Book with bookmark
Glossary

Suspicious person
Scams

Write for Malwarebytes Labs
Write for Labs

Select your language