Backdoor.Sunburst

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

Backdoor.Sunburst is Malwarebytes’ detection name for a trojanized update to SolarWind’s Orion IT monitoring and management software.

Type of infection

Backdoor.Sunburst is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. Backdoor.Sunburst has been widespread across organizations in a supply-chain attack. Backdoor.Sunburst uses multiple obfuscated blocklists to identify security and anti-virus tools running as processes, services, and drivers. It stores this information for later stages of an attack.

Protection

Malwarebytes blocks Backdoor.Sunburst

Business remediation

How to remove Backdoor.Sunburst with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Similiar detections

astonishlandmassnervy.com happysmurf.com replevysquab.top ds96gk.com ds8fc0.com sacwumsf.com RemotePortScan entwithoughtsu.com stikroltiltoowi.net securelogger.net View all Domain detections >

Products

Services

Features

Platforms

Why ThreatDown

Detection Details

Backdoor.Sunburst

Short bio

Type of infection

Protection

Business remediation

How to remove Backdoor.Sunburst with the Malwarebytes Nebula console

Similiar detections

Products & Services

Partners

Resources

Managed Services Terms & Conditions

Support

Get in Touch