SUNSPOT
Description
(CrowdStrike) SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code. Several safeguards were added to SUNSPOT to prevent the Orion builds from failing, potentially alerting developers to the adversary’s presence.
Names
Name |
---|
SUNSPOT |
Category
Malware
Type
- Rootkit
Information
Mitre Attack
Other Information
Uuid
1d748959-f07e-49b8-acd5-ce46dbaee5d8
Last Card Change
2022-12-30