Fix CSV format
2 contributors
@jhsmith @digihash
SHA256 SHA1 MD5 FILENAME Version Compile Time Signing time MIME Malware Family Role Notes
d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600 1b476f58ca366b54f34d714ffce3fd73cc30db1a 02af7cec58b9a5da1c542b5a32151ba1 CORE-2019.4.5220.20574-SolarWinds-Core-v2019.4.5220-Hotfix5.msp application/vnd.ms-office SUNBURST Installer
53f8dfc65169ccda021b72a62e0c22a4db7c4077f002fa742717d41b3c40f2c7 47d92d49e6f7f296260da1af355f941eb25360c4 08e35543d6110ed11fdf558bb093d401 Solarwinds Worldwide, LLC application/x-x509-server-cert Code Signing Certificate Legitimate SolarWinds code-signing certificate Used to sign samples containing SUNBURST from March 2020 forward
32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77 76640508b1e7759e548771a5359eaed353bf1eec b91ce2fa41029f6955bff20079468448 SolarWinds.Orion.Core.BusinessLayer.dll 2019.4.5200.9083 2020-03-24 08:52:34 2020-03-24 08:53:43 application/x-dosexec SUNBURST
abe22cf0d78836c3ea072daeaf4c5eeaf9c29b6feb597741651979fc8fbd2417 b485953ed77caefe81bff0d9b349a33c5cea4cde d5aad0d248c237360cf39c054b654d69 SolarWinds.Orion.Core.BusinessLayer.dll 2020.2.100.12299 2020-03-25 19:03:48 2020-03-25 19:04:53 application/x-dosexec SUNBURST
019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134 2f1a5a7411d015d01aaee4535835400191645023 2c4a910a1299cdae2a4e55988a2f102e SolarWinds.Orion.Core.BusinessLayer.dll 2020.2.5200.12394 2020-04-21 14:53:33 2020-04-21 14:54:41 application/x-dosexec SUNBURST
ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6 d130bd75645c2433f88ac03e73395fba172ef676 846e27a652a5e1bfbd0ddd38a16dc865 SolarWinds.Orion.Core.BusinessLayer.dll 2020.2.5300.12432 2020-05-11 21:32:40 2020-05-11 21:33:50 application/x-dosexec SUNBURST
439bcd0a17d53837bc29fb51c0abd9d52a747227f97133f8ad794d9cc0ef191e cfc57d48effb5bbd4e0a6f80e6041d9faf7d7ab4 baa3d3488db90289eb2889c1a2acbcde Solarwinds Worldwide, LLC application/x-x509-server-cert Code Signing Certificate Legitimate SolarWinds code-signing certificate Used to sign samples containing class named <OrionImprovementBusinessLayer>, but no malicious SUNBURST code. Suspected to be attacker testing.
a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc 5e643654179e8b4cfe1d3c1906a90a4c8d611cea e18a6a21eb44e77ca8d739a72209c370 SolarWinds.Orion.Core.BusinessLayer.dll 2019.4.5200.8890 2019-10-10 13:26:39 2019-10-10 13:28:10 application/x-dosexec Benign Contains class named <OrionImprovementBusinessLayer>, but no malicious SUNBURST code. Suspected to be attacker testing.
d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af ebe711516d0f5cd8126f4d53e375c90b7b95e8f2 3e329a4c9030b26ba152fb602a1d5893 SolarWinds.Orion.Core.BusinessLayer.dll 2019.4.5200.8890 2019-10-10 13:26:39 2019-10-11 08:45:19 application/x-dosexec Benign Contains class named <OrionImprovementBusinessLayer>, but no malicious SUNBURST code. Suspected to be attacker testing.
292327e5c94afa352cc5a02ca273df543f2020d0e76368ff96c84f4e90778712 c2c30b3a287d82f88753c85cfb11ec9eb1466bad 4f2eb62fa529c0283b28d05ddd311fae OrionImprovementBusinessLayer.2.cs text/plain SUNBURST Decompiled and corrected source code for SUNBURST Extracted from 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71 75af292f34789a1c782ea36c7127bf6106f595e8 56ceb6d0011d87b6e4d7023d7ef85676 app_web_logoimagehandler.ashx.b6031896.dll 2020-03-24 09:16:10 application/x-dosexec SUPERNOVA Webshell While malicious, SUPERNOVA has not been currently tied to the UNC2452 SolarWinds compromise