Reconnecting to live updates…

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

Severity: highType: unknown

AI Analysis

Technical Summary

This report references OSINT findings related to the UNC2452 threat actor and the SUNBURST malware, which gained notoriety through the SolarWinds supply chain attack disclosed in late 2020. UNC2452 is a sophisticated threat actor believed to be state-sponsored, responsible for injecting malicious code into SolarWinds Orion software updates, enabling widespread espionage and data exfiltration. The provided data is an OSINT feed entry from CIRCL, indicating a 50% certainty level and categorizing the information as perpetual OSINT. No specific affected versions or technical exploit details are provided, nor are there known exploits in the wild linked to this particular OSINT entry. The lack of patch availability and absence of CWE identifiers suggest this entry is informational rather than a direct vulnerability report. The threat's high severity tag likely reflects the known impact of the underlying SUNBURST compromise rather than new findings. The report's focus on payload delivery and external analysis aligns with the known modus operandi of UNC2452, which used sophisticated supply chain attacks to deliver malicious payloads stealthily. Overall, this entry serves as a pointer to ongoing OSINT efforts monitoring UNC2452/SUNBURST activity rather than a new or distinct vulnerability.

Potential Impact

For European organizations, the impact of the UNC2452/SUNBURST threat is significant due to the potential for widespread espionage, data theft, and disruption of critical infrastructure. Organizations using SolarWinds Orion products or integrated supply chain services are at risk of having been compromised or targeted. The stealthy nature of the attack allows threat actors to maintain persistence and exfiltrate sensitive data over extended periods, potentially affecting government agencies, critical infrastructure providers, and private enterprises. The lack of specific exploit details in this OSINT entry limits immediate actionable impact but underscores the ongoing risk from this threat actor. European entities involved in IT management, telecommunications, energy, and public administration are particularly vulnerable due to their reliance on SolarWinds products and the strategic value of their data. The reputational damage and operational disruption from such supply chain compromises can be severe, affecting trust and compliance with data protection regulations such as GDPR.

Mitigation Recommendations

European organizations should implement enhanced monitoring for indicators of compromise related to UNC2452 and SUNBURST, including network traffic analysis and endpoint detection for known SUNBURST signatures. Conduct thorough audits of SolarWinds Orion deployments and related supply chain components, ensuring all software is updated to versions released after the compromise was disclosed. Employ threat intelligence feeds to stay informed about emerging indicators and tactics used by UNC2452. Strengthen supply chain risk management by vetting third-party vendors and enforcing strict code integrity checks. Implement network segmentation to limit lateral movement in case of compromise. Use multi-factor authentication and least privilege principles to reduce attack surface. Engage in incident response planning specific to supply chain attacks and consider collaboration with national cybersecurity agencies for threat sharing. Given the absence of patches in this OSINT entry, focus on detection and containment rather than remediation of a new vulnerability.

Affected Countries

United Kingdom, Germany, France, Netherlands, Italy, Spain, Belgium, Sweden, Poland

Indicators of Compromise

hash: 1acf3108bf1e376c8848fbb25dc87424f2c2a39c
hash: e257236206e99f5a5c62035c9c59c57206728b28
hash: bcb5a4dcbc60d26a5f619518f2cfc1b4bb4e4387
hash: 5e643654179e8b4cfe1d3c1906a90a4c8d611cea
hash: ebe711516d0f5cd8126f4d53e375c90b7b95e8f2
link: https://vxug.fakedoma.in/samples/Exotic/UNC2452/SolarWinds%20Breach/
text: .text
size-in-bytes: 1018368
float: 5.5695446259584
hash: 5a1c26db5b9b9a2d0a630e63ff83f0bf
hash: 18ea74745f5c8992a95ae40bfe2158c8d7e34acf
hash: 02811d870295f78bf9aa3c9f42ca11f2838171fe73e70dbbc158fae590161573
hash: c0e04da710f18443018aeef4ab387903f93f95a42b700a3a88b3ea7c35ae3821850f1583494172f5650a69a9acf8f9d63d1fca22aac115f1fdc4ec8b78c5d7e6
ssdeep: 12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19QU:KEfDbO97P8TrK0YbenWH4c0g8vkzK19b
text: .rsrc
size-in-bytes: 1536
float: 3.3927625723408
hash: da27d86acfb9504441eebac21f66a5df
hash: 939387cdbb29755bf192c2bfce2701c1a27354a6
hash: 016bbefdcbda1e07eca63a07fabe2dad2b25a4b78cd0bc6564c6d0ad3a6b7523
hash: 713dece3f4687ea6e4591a7e9e3975ce0bfae2dda5a742b29e78ee5088ae148992995373177a1d5583c6da4877c99e813ba440e386705c2bd7b1ea8c2058e498
ssdeep: 24:YE66ZyxF4iPXOL1+N0MnaOL1hyYinXF4OL1F3YOL15PNMMDqMM:YrjleBw0MjBhyXBB9hB7MM2MM
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: a29f1db3dd779a4a629939ffeaa3835b
hash: c306017f3277b148c4a8914a6c4e46abc1496c94
hash: 6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b
hash: 17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3
ssdeep: 3:6/Pl:6/d
text: dll
text: 269460022
datetime: 2020-05-11T21:32:40+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5300.12432
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5300.12432
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
size-in-bytes: 1028072
float: 5.5800537860468
hash: 846e27a652a5e1bfbd0ddd38a16dc865
hash: d130bd75645c2433f88ac03e73395fba172ef676
hash: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
hash: c26e275b4232be844f6c4062a4f42413099452085060ed4080b880b52800428cd32f69271c98977fa979a89355fbb3b485855ca3d51499bca12dfbf8c3168d2f
malware-sample: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6|846e27a652a5e1bfbd0ddd38a16dc865
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 12288:5JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19Q:vEfDbO97P8TrK0YbenWH4c0g8vkzK19
text: .text
size-in-bytes: 924672
float: 5.6441844251496
hash: cf450191b90401e1015aa2433d7d0b47
hash: e812fddc3c622905954663d30b25fa8adcca6850
hash: e29b19ea0c58095c3ab7a19374734bba58effb01498c3f748824fed32326cb06
hash: 612f4238bbf10e162cf33b6ec9e69d975fb67a1f78f9a6f5436460fcd7664909ab2aaceaa4466eaafdde23b62e2dffe51a4e5addcfc028211c77981f0d6f9d13
ssdeep: 24576:GdBfeHcrhCECR1R/zoi8SHoN0W8vB8O3IcL:qe8nK/zopSHoN0W8vB8u
text: .rsrc
size-in-bytes: 1536
float: 3.3987008123389
hash: 005f91999efb988bc401181d2cf103de
hash: 3a6f37bdbd8f812efd0805a5e14f468da79832cc
hash: 4497bf92f774c9d57a1ad1cf5842e82c94efe82adb78ff3a90a015376361b284
hash: 3da3a9c6f0e53126d2c2723262dbfb08716c02af82157a952da7f2d66540fafabe8db2e2f7c8091ec68f4463feb070bb37ae1b54c91a1d0a07fdf98a5518192e
ssdeep: 24:LXsfQMKyxF4iPXOL1XNN9aOL1hninXF4OL1F3YOL1sPNelvq:LXsnjleBHJBhmBB9hB86i
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: 32e87d188187fe9b9f6afd9de48a41d6
hash: 2e10d4aa9df60691736123b143dc3e1dc677330a
hash: ca16d1bd56e607403c1b0b5d74c6dc3b8366fa3d982146cc0ec2948099ecfbad
hash: 8e56b8ec1f8828ac8eef7bb7758987aad8f09be39ae0873c2c1ccefa49b8416a48787488ce21c96159cfa536f881151a3372e1cba0dc40b59f338329287fc010
ssdeep: 3:HlZn:r
text: dll
text: 269367810
datetime: 2019-10-10T13:26:39+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.8890
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.8890
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2019 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
size-in-bytes: 934232
float: 5.6560901874991
hash: e18a6a21eb44e77ca8d739a72209c370
hash: 5e643654179e8b4cfe1d3c1906a90a4c8d611cea
hash: a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
hash: 17b4de6158de054c02849bb728b9767208d3f07ef18d4dc41963a370d34e9dbcf7cc4b729726903f1a7afd4ef7e8c1d781c20a3049a2c160dede23614352f11c
malware-sample: a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc|e18a6a21eb44e77ca8d739a72209c370
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 24576:ldBfeHcrhCECR1R/zoi8SHoN0W8vB8O3Icu:5e8nK/zopSHoN0W8vB83
text: .text
size-in-bytes: 1018368
float: 5.5694865540978
hash: 26ec41a94ea4d2a3fbfebbe0a32cfa0b
hash: c83bb058abe34b411897a5feea274a4926ec20da
hash: 6127115190de534d0f57f23add63dbc8c414ed99789644c1fa7e932cdbb01519
hash: b4b49fe5725fe8807331672049dd4804929da896e63181eb7022825331fa64ec0eb18dd33c112688e23062b77248adf307151a3bcf71bd1816f5f79640abdc2f
ssdeep: 12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wa:KEfDbO97P8TrKhYbenWH4c0g8vkzE19j
text: .rsrc
size-in-bytes: 1536
float: 3.389713791853
hash: 9bd1855b2d66ddb1fb9bfb0be0907ac2
hash: d0b5359a9a5744d632dbd321ca3a00c1a3f547b9
hash: 7871935602a9354b0d04469b185dd7f20ddd0d80f45dd7946d6315c7352b8d8c
hash: 24b2c0c16a3e87a2469bf3315a59153f5ffb74518b50a1ee25cde89f81b919489dca38188f32ebe78b8d488dc30c291ebec665360240d926d297afba89942630
ssdeep: 24:YA66ZyxF4iPXOL1+N0ZaaOL1hyYinXF4OL1F3YOL15PNMZkqMZ:YPjleBw0gBhyXBB9hB7MzM
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: a29f1db3dd779a4a629939ffeaa3835b
hash: c306017f3277b148c4a8914a6c4e46abc1496c94
hash: 6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b
hash: 17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3
ssdeep: 3:6/Pl:6/d
text: dll
text: 269460022
datetime: 2020-04-21T14:53:33+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5200.12394
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5200.12394
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
size-in-bytes: 1028072
float: 5.5799968662039
hash: 2c4a910a1299cdae2a4e55988a2f102e
hash: 2f1a5a7411d015d01aaee4535835400191645023
hash: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
hash: 5cbfefe612a40c8872a0faf3db8d3835dc514fb3df159610095b47c595c6caa1ada79cce2b10fb99e648990c3f54f63344d1fa7025090bfcd4e2c55d7210a28d
malware-sample: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134|2c4a910a1299cdae2a4e55988a2f102e
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 12288:dJKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wv:rEfDbO97P8TrKhYbenWH4c0g8vkzE19e
text: .text
size-in-bytes: 1001472
float: 5.5697311444704
hash: c4a55257e26e3b07339fa125f5223a72
hash: 6c2e6a1b9ebb7d0eedb9e11d8017ff6c795b9b98
hash: 9e1e82ad740aba788850c5529e3eb84681b0a53b6c76ff5eadc6cb762823dba3
hash: 131e0b4fff35499da6e33f099f8fe96de1a65deec9522becbc8e55d0470f42f8d58cc2f3678eb2a82667bdcd96ed0f587464917290904f989678788a497849db
ssdeep: 12288:0x7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owY:PaEBTvRBi6uL6dIvDtjpH9+0A8vca9oj
text: .rsrc
size-in-bytes: 1536
float: 3.4018646666713
hash: 7454e0d2a852d8d802490dbc6c07f42e
hash: b54275dd4daaa9467f91955b5b4670c20dfc4e49
hash: e63d0b1280cd09f3d9236c4a7e428a000f0f87c6a707dbe2a6b5df3ceb24b48d
hash: d982e2edba71923c7f9c4fdff636995fb475ba4146ea66dcb28b2b24c0e7f81742b4109ee9900ae7f9442ded32f1412311766cd374d88abdff2da317f752708d
ssdeep: 24:wpyQMKyxF4iPXOL1XNNP+aOL1hyYinXF4OL1F3YOL1sPN3Flvq3:wp2jleBHSBhyXBB9hB8Pi
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: 89642b60883c693211567f54fcde5631
hash: 0161b4dc14ed849384714b7d48e4ce8e31cee22d
hash: 7e9191e9c1bd9624a97b0147d173abe2556a3b319dc1e1805d6ca2abc49c054b
hash: 32837f59e1063a10eff10e71f8ab2f78205122c136ac48bd1e73cb877b375da94c4f6553e84a7080c3a36b8af4461efad16ab251c2c777100b69fb44826aa3cf
ssdeep: 3:L:L
text: dll
text: 269443494
datetime: 2020-03-24T08:52:34+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.9083
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.9083
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
size-in-bytes: 1011032
float: 5.5828269967379
hash: b91ce2fa41029f6955bff20079468448
hash: 76640508b1e7759e548771a5359eaed353bf1eec
hash: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
hash: 6a81f082f36ccbda48070772c5a97e1d7de61ad77465e7befe8cbd97df40dcc5da09c461311708e3d57527e323484b05cfd3e72a3c70e106e47f44cc77584bd7
malware-sample: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77|b91ce2fa41029f6955bff20079468448
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 12288:Zx7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owQ:6aEBTvRBi6uL6dIvDtjpH9+0A8vca9oD
text: .text
size-in-bytes: 5632
float: 5.4919156876928
hash: 2109d02a31c7032f2bcabdf436b6726e
hash: 84d90343ae39a961e9e0f92127333b9cc9d62d33
hash: f04e002613102c556260dc57c5accb5db70b427a9c2fdd6f51419ff53499f173
hash: 3c343696c837d1efc28ae4a688b863c4dff41e3b80047cd2ec6c9d571a3f677f8c750a5dabc7530c56d04749e0972d4d13403f05d10635a69ac82707bc984f8d
ssdeep: 96:DKQSUZZa5aE8ibv1c8M1UBDawAjNXe+U8w15Gl+5DDGTBNF82gx:vqRzbt0GBDawA5uT8wSlyDDGTBNFS
text: .rsrc
size-in-bytes: 1024
float: 3.1419883961028
hash: 27193464e3effc6950cde66a4ad4757a
hash: 01d5d5696eadc1963ccbbf7ff2f79ba482ed17e1
hash: a4c3bc5b8ba65bfff823212b5f2d76f618cbb12fd1e17db85ed1bbff35783336
hash: 394e55d211fd73d6d5a5aaabeeb6f0330cd6b6fba40a07bcdd789976097875da6d130ba8308478a1991d0217f0b22b0159f07232e7119dc36367784b176ae1e7
ssdeep: 12:Essi3ntuAHeswYAB19aUGiqMZAiN5Eryi1qD41hPvYnqqf1qD41hoPN5Dlq5J:lIfs1FuZhNu8+PWN8+oPNnqX
text: .reloc
size-in-bytes: 512
float: 1.5849625007212
hash: 6a8e92fdd78e813e24abd0a0932052b9
hash: 76e3423312516772e053f5d1861163dd27e99a8c
hash: f81e587fb1c7b55c7daeeee2bca68e619df3c815b316e439ef006fd91894aa09
hash: e91dae684ce94faddd8a4b69d745524f15494f22a55b87d4ef1dd5fa3b78e017a911d55148819ca2736e4c500742f82584dbb6cb9aa3a0b61fadf91a56b0dc3c
ssdeep: 3:n:n
text: dll
text: 268448958
datetime: 2020-03-24T09:16:10+00:00
file: App_Web_logoimagehandler.ashx.b6031896.dll
file: App_Web_logoimagehandler.ashx.b6031896.dll
text: 0.0.0.0
text: 000004b0
text: 0.0.0.0
counter: 3
file: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
size-in-bytes: 7680
float: 4.6224498216263
hash: 56ceb6d0011d87b6e4d7023d7ef85676
hash: 75af292f34789a1c782ea36c7127bf6106f595e8
hash: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
hash: f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629
malware-sample: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71|56ceb6d0011d87b6e4d7023d7ef85676
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 192:8/SqRzbt0GBDawA5uT8wSlyDDGTBNFkQ:8/SyHKGBDax5uThDD6BNr
hash: 3e329a4c9030b26ba152fb602a1d5893
hash: ebe711516d0f5cd8126f4d53e375c90b7b95e8f2
hash: d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af
datetime: 2020-12-14T06:35:21+00:00
link: https://www.virustotal.com/gui/file/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af/detection/f-d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af-1607927721
text: 0/70
datetime: 2020-12-14T06:24:36+00:00
link: https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1607927076
text: 4/69
datetime: 2020-12-14T06:47:17+00:00
link: https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1607928437
text: 2/69
datetime: 2020-12-14T07:32:31+00:00
link: https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1607931151
text: 5/69
datetime: 2020-12-14T07:28:34+00:00
link: https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1607930914
text: 6/70

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

Severity: high

Type: unknown

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

United Kingdom, Germany, France, Netherlands, Italy, Spain, Belgium, Sweden, Poland

Indicators of Compromise

hash: 1acf3108bf1e376c8848fbb25dc87424f2c2a39c
hash: e257236206e99f5a5c62035c9c59c57206728b28
hash: bcb5a4dcbc60d26a5f619518f2cfc1b4bb4e4387
hash: 5e643654179e8b4cfe1d3c1906a90a4c8d611cea
hash: ebe711516d0f5cd8126f4d53e375c90b7b95e8f2
link: https://vxug.fakedoma.in/samples/Exotic/UNC2452/SolarWinds%20Breach/
text: .text
size-in-bytes: 1018368
float: 5.5695446259584
hash: 5a1c26db5b9b9a2d0a630e63ff83f0bf
hash: 18ea74745f5c8992a95ae40bfe2158c8d7e34acf
hash: 02811d870295f78bf9aa3c9f42ca11f2838171fe73e70dbbc158fae590161573
hash: c0e04da710f18443018aeef4ab387903f93f95a42b700a3a88b3ea7c35ae3821850f1583494172f5650a69a9acf8f9d63d1fca22aac115f1fdc4ec8b78c5d7e6
ssdeep: 12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19QU:KEfDbO97P8TrK0YbenWH4c0g8vkzK19b
text: .rsrc
size-in-bytes: 1536
float: 3.3927625723408
hash: da27d86acfb9504441eebac21f66a5df
hash: 939387cdbb29755bf192c2bfce2701c1a27354a6
hash: 016bbefdcbda1e07eca63a07fabe2dad2b25a4b78cd0bc6564c6d0ad3a6b7523
hash: 713dece3f4687ea6e4591a7e9e3975ce0bfae2dda5a742b29e78ee5088ae148992995373177a1d5583c6da4877c99e813ba440e386705c2bd7b1ea8c2058e498
ssdeep: 24:YE66ZyxF4iPXOL1+N0MnaOL1hyYinXF4OL1F3YOL15PNMMDqMM:YrjleBw0MjBhyXBB9hB7MM2MM
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: a29f1db3dd779a4a629939ffeaa3835b
hash: c306017f3277b148c4a8914a6c4e46abc1496c94
hash: 6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b
hash: 17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3
ssdeep: 3:6/Pl:6/d
text: dll
text: 269460022
datetime: 2020-05-11T21:32:40+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5300.12432
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5300.12432
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
size-in-bytes: 1028072
float: 5.5800537860468
hash: 846e27a652a5e1bfbd0ddd38a16dc865
hash: d130bd75645c2433f88ac03e73395fba172ef676
hash: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
hash: c26e275b4232be844f6c4062a4f42413099452085060ed4080b880b52800428cd32f69271c98977fa979a89355fbb3b485855ca3d51499bca12dfbf8c3168d2f
malware-sample: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6|846e27a652a5e1bfbd0ddd38a16dc865
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 12288:5JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19Q:vEfDbO97P8TrK0YbenWH4c0g8vkzK19
text: .text
size-in-bytes: 924672
float: 5.6441844251496
hash: cf450191b90401e1015aa2433d7d0b47
hash: e812fddc3c622905954663d30b25fa8adcca6850
hash: e29b19ea0c58095c3ab7a19374734bba58effb01498c3f748824fed32326cb06
hash: 612f4238bbf10e162cf33b6ec9e69d975fb67a1f78f9a6f5436460fcd7664909ab2aaceaa4466eaafdde23b62e2dffe51a4e5addcfc028211c77981f0d6f9d13
ssdeep: 24576:GdBfeHcrhCECR1R/zoi8SHoN0W8vB8O3IcL:qe8nK/zopSHoN0W8vB8u
text: .rsrc
size-in-bytes: 1536
float: 3.3987008123389
hash: 005f91999efb988bc401181d2cf103de
hash: 3a6f37bdbd8f812efd0805a5e14f468da79832cc
hash: 4497bf92f774c9d57a1ad1cf5842e82c94efe82adb78ff3a90a015376361b284
hash: 3da3a9c6f0e53126d2c2723262dbfb08716c02af82157a952da7f2d66540fafabe8db2e2f7c8091ec68f4463feb070bb37ae1b54c91a1d0a07fdf98a5518192e
ssdeep: 24:LXsfQMKyxF4iPXOL1XNN9aOL1hninXF4OL1F3YOL1sPNelvq:LXsnjleBHJBhmBB9hB86i
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: 32e87d188187fe9b9f6afd9de48a41d6
hash: 2e10d4aa9df60691736123b143dc3e1dc677330a
hash: ca16d1bd56e607403c1b0b5d74c6dc3b8366fa3d982146cc0ec2948099ecfbad
hash: 8e56b8ec1f8828ac8eef7bb7758987aad8f09be39ae0873c2c1ccefa49b8416a48787488ce21c96159cfa536f881151a3372e1cba0dc40b59f338329287fc010
ssdeep: 3:HlZn:r
text: dll
text: 269367810
datetime: 2019-10-10T13:26:39+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.8890
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.8890
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2019 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
size-in-bytes: 934232
float: 5.6560901874991
hash: e18a6a21eb44e77ca8d739a72209c370
hash: 5e643654179e8b4cfe1d3c1906a90a4c8d611cea
hash: a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
hash: 17b4de6158de054c02849bb728b9767208d3f07ef18d4dc41963a370d34e9dbcf7cc4b729726903f1a7afd4ef7e8c1d781c20a3049a2c160dede23614352f11c
malware-sample: a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc|e18a6a21eb44e77ca8d739a72209c370
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 24576:ldBfeHcrhCECR1R/zoi8SHoN0W8vB8O3Icu:5e8nK/zopSHoN0W8vB83
text: .text
size-in-bytes: 1018368
float: 5.5694865540978
hash: 26ec41a94ea4d2a3fbfebbe0a32cfa0b
hash: c83bb058abe34b411897a5feea274a4926ec20da
hash: 6127115190de534d0f57f23add63dbc8c414ed99789644c1fa7e932cdbb01519
hash: b4b49fe5725fe8807331672049dd4804929da896e63181eb7022825331fa64ec0eb18dd33c112688e23062b77248adf307151a3bcf71bd1816f5f79640abdc2f
ssdeep: 12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wa:KEfDbO97P8TrKhYbenWH4c0g8vkzE19j
text: .rsrc
size-in-bytes: 1536
float: 3.389713791853
hash: 9bd1855b2d66ddb1fb9bfb0be0907ac2
hash: d0b5359a9a5744d632dbd321ca3a00c1a3f547b9
hash: 7871935602a9354b0d04469b185dd7f20ddd0d80f45dd7946d6315c7352b8d8c
hash: 24b2c0c16a3e87a2469bf3315a59153f5ffb74518b50a1ee25cde89f81b919489dca38188f32ebe78b8d488dc30c291ebec665360240d926d297afba89942630
ssdeep: 24:YA66ZyxF4iPXOL1+N0ZaaOL1hyYinXF4OL1F3YOL15PNMZkqMZ:YPjleBw0gBhyXBB9hB7MzM
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: a29f1db3dd779a4a629939ffeaa3835b
hash: c306017f3277b148c4a8914a6c4e46abc1496c94
hash: 6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b
hash: 17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3
ssdeep: 3:6/Pl:6/d
text: dll
text: 269460022
datetime: 2020-04-21T14:53:33+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5200.12394
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2020.2.5200.12394
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
size-in-bytes: 1028072
float: 5.5799968662039
hash: 2c4a910a1299cdae2a4e55988a2f102e
hash: 2f1a5a7411d015d01aaee4535835400191645023
hash: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
hash: 5cbfefe612a40c8872a0faf3db8d3835dc514fb3df159610095b47c595c6caa1ada79cce2b10fb99e648990c3f54f63344d1fa7025090bfcd4e2c55d7210a28d
malware-sample: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134|2c4a910a1299cdae2a4e55988a2f102e
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 12288:dJKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wv:rEfDbO97P8TrKhYbenWH4c0g8vkzE19e
text: .text
size-in-bytes: 1001472
float: 5.5697311444704
hash: c4a55257e26e3b07339fa125f5223a72
hash: 6c2e6a1b9ebb7d0eedb9e11d8017ff6c795b9b98
hash: 9e1e82ad740aba788850c5529e3eb84681b0a53b6c76ff5eadc6cb762823dba3
hash: 131e0b4fff35499da6e33f099f8fe96de1a65deec9522becbc8e55d0470f42f8d58cc2f3678eb2a82667bdcd96ed0f587464917290904f989678788a497849db
ssdeep: 12288:0x7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owY:PaEBTvRBi6uL6dIvDtjpH9+0A8vca9oj
text: .rsrc
size-in-bytes: 1536
float: 3.4018646666713
hash: 7454e0d2a852d8d802490dbc6c07f42e
hash: b54275dd4daaa9467f91955b5b4670c20dfc4e49
hash: e63d0b1280cd09f3d9236c4a7e428a000f0f87c6a707dbe2a6b5df3ceb24b48d
hash: d982e2edba71923c7f9c4fdff636995fb475ba4146ea66dcb28b2b24c0e7f81742b4109ee9900ae7f9442ded32f1412311766cd374d88abdff2da317f752708d
ssdeep: 24:wpyQMKyxF4iPXOL1XNNP+aOL1hyYinXF4OL1F3YOL1sPN3Flvq3:wp2jleBHSBhyXBB9hB8Pi
text: .reloc
size-in-bytes: 512
float: 1.9473387961876
hash: 89642b60883c693211567f54fcde5631
hash: 0161b4dc14ed849384714b7d48e4ce8e31cee22d
hash: 7e9191e9c1bd9624a97b0147d173abe2556a3b319dc1e1805d6ca2abc49c054b
hash: 32837f59e1063a10eff10e71f8ab2f78205122c136ac48bd1e73cb877b375da94c4f6553e84a7080c3a36b8af4461efad16ab251c2c777100b69fb44826aa3cf
ssdeep: 3:L:L
text: dll
text: 269443494
datetime: 2020-03-24T08:52:34+00:00
file: SolarWinds.Orion.Core.BusinessLayer.dll
file: SolarWinds.Orion.Core.BusinessLayer.dll
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.9083
text: 000004b0
text: SolarWinds.Orion.Core.BusinessLayer
text: 2019.4.5200.9083
text: SolarWinds Worldwide, LLC.
text: Copyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.
counter: 3
file: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
size-in-bytes: 1011032
float: 5.5828269967379
hash: b91ce2fa41029f6955bff20079468448
hash: 76640508b1e7759e548771a5359eaed353bf1eec
hash: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
hash: 6a81f082f36ccbda48070772c5a97e1d7de61ad77465e7befe8cbd97df40dcc5da09c461311708e3d57527e323484b05cfd3e72a3c70e106e47f44cc77584bd7
malware-sample: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77|b91ce2fa41029f6955bff20079468448
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 12288:Zx7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owQ:6aEBTvRBi6uL6dIvDtjpH9+0A8vca9oD
text: .text
size-in-bytes: 5632
float: 5.4919156876928
hash: 2109d02a31c7032f2bcabdf436b6726e
hash: 84d90343ae39a961e9e0f92127333b9cc9d62d33
hash: f04e002613102c556260dc57c5accb5db70b427a9c2fdd6f51419ff53499f173
hash: 3c343696c837d1efc28ae4a688b863c4dff41e3b80047cd2ec6c9d571a3f677f8c750a5dabc7530c56d04749e0972d4d13403f05d10635a69ac82707bc984f8d
ssdeep: 96:DKQSUZZa5aE8ibv1c8M1UBDawAjNXe+U8w15Gl+5DDGTBNF82gx:vqRzbt0GBDawA5uT8wSlyDDGTBNFS
text: .rsrc
size-in-bytes: 1024
float: 3.1419883961028
hash: 27193464e3effc6950cde66a4ad4757a
hash: 01d5d5696eadc1963ccbbf7ff2f79ba482ed17e1
hash: a4c3bc5b8ba65bfff823212b5f2d76f618cbb12fd1e17db85ed1bbff35783336
hash: 394e55d211fd73d6d5a5aaabeeb6f0330cd6b6fba40a07bcdd789976097875da6d130ba8308478a1991d0217f0b22b0159f07232e7119dc36367784b176ae1e7
ssdeep: 12:Essi3ntuAHeswYAB19aUGiqMZAiN5Eryi1qD41hPvYnqqf1qD41hoPN5Dlq5J:lIfs1FuZhNu8+PWN8+oPNnqX
text: .reloc
size-in-bytes: 512
float: 1.5849625007212
hash: 6a8e92fdd78e813e24abd0a0932052b9
hash: 76e3423312516772e053f5d1861163dd27e99a8c
hash: f81e587fb1c7b55c7daeeee2bca68e619df3c815b316e439ef006fd91894aa09
hash: e91dae684ce94faddd8a4b69d745524f15494f22a55b87d4ef1dd5fa3b78e017a911d55148819ca2736e4c500742f82584dbb6cb9aa3a0b61fadf91a56b0dc3c
ssdeep: 3:n:n
text: dll
text: 268448958
datetime: 2020-03-24T09:16:10+00:00
file: App_Web_logoimagehandler.ashx.b6031896.dll
file: App_Web_logoimagehandler.ashx.b6031896.dll
text: 0.0.0.0
text: 000004b0
text: 0.0.0.0
counter: 3
file: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
size-in-bytes: 7680
float: 4.6224498216263
hash: 56ceb6d0011d87b6e4d7023d7ef85676
hash: 75af292f34789a1c782ea36c7127bf6106f595e8
hash: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
hash: f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629
malware-sample: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71|56ceb6d0011d87b6e4d7023d7ef85676
mime-type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
ssdeep: 192:8/SqRzbt0GBDawA5uT8wSlyDDGTBNFkQ:8/SyHKGBDax5uThDD6BNr
hash: 3e329a4c9030b26ba152fb602a1d5893
hash: ebe711516d0f5cd8126f4d53e375c90b7b95e8f2
hash: d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af
datetime: 2020-12-14T06:35:21+00:00
link: https://www.virustotal.com/gui/file/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af/detection/f-d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af-1607927721
text: 0/70
datetime: 2020-12-14T06:24:36+00:00
link: https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1607927076
text: 4/69
datetime: 2020-12-14T06:47:17+00:00
link: https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1607928437
text: 2/69
datetime: 2020-12-14T07:32:31+00:00
link: https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1607931151
text: 5/69
datetime: 2020-12-14T07:28:34+00:00
link: https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1607930914
text: 6/70

Source: CIRCL OSINT Feed

Published: Mon Dec 14 2020

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

High

Unknowntype:osint osint:lifetime="perpetual"osint:certainty="50"tlp:white

Published: Mon Dec 14 2020 (12/14/2020, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Vendor/Project: type

Product: osint

Description

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 12/24/2025, 06:11:37 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid: f78232e7-0b7a-49f7-9e57-1482db2b6335
Original Timestamp: 1607931286

Indicators of Compromise

Hash

Value	Description	Copy
hash1acf3108bf1e376c8848fbb25dc87424f2c2a39c	—
hashe257236206e99f5a5c62035c9c59c57206728b28	—
hashbcb5a4dcbc60d26a5f619518f2cfc1b4bb4e4387	—
hash5e643654179e8b4cfe1d3c1906a90a4c8d611cea	—
hashebe711516d0f5cd8126f4d53e375c90b7b95e8f2	—
hash5a1c26db5b9b9a2d0a630e63ff83f0bf	—
hash18ea74745f5c8992a95ae40bfe2158c8d7e34acf	—
hash02811d870295f78bf9aa3c9f42ca11f2838171fe73e70dbbc158fae590161573	—
hashc0e04da710f18443018aeef4ab387903f93f95a42b700a3a88b3ea7c35ae3821850f1583494172f5650a69a9acf8f9d63d1fca22aac115f1fdc4ec8b78c5d7e6	—
hashda27d86acfb9504441eebac21f66a5df	—
hash939387cdbb29755bf192c2bfce2701c1a27354a6	—
hash016bbefdcbda1e07eca63a07fabe2dad2b25a4b78cd0bc6564c6d0ad3a6b7523	—
hash713dece3f4687ea6e4591a7e9e3975ce0bfae2dda5a742b29e78ee5088ae148992995373177a1d5583c6da4877c99e813ba440e386705c2bd7b1ea8c2058e498	—
hasha29f1db3dd779a4a629939ffeaa3835b	—
hashc306017f3277b148c4a8914a6c4e46abc1496c94	—
hash6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b	—
hash17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3	—
hash846e27a652a5e1bfbd0ddd38a16dc865	—
hashd130bd75645c2433f88ac03e73395fba172ef676	—
hashce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6	—
hashc26e275b4232be844f6c4062a4f42413099452085060ed4080b880b52800428cd32f69271c98977fa979a89355fbb3b485855ca3d51499bca12dfbf8c3168d2f	—
hashcf450191b90401e1015aa2433d7d0b47	—
hashe812fddc3c622905954663d30b25fa8adcca6850	—
hashe29b19ea0c58095c3ab7a19374734bba58effb01498c3f748824fed32326cb06	—
hash612f4238bbf10e162cf33b6ec9e69d975fb67a1f78f9a6f5436460fcd7664909ab2aaceaa4466eaafdde23b62e2dffe51a4e5addcfc028211c77981f0d6f9d13	—
hash005f91999efb988bc401181d2cf103de	—
hash3a6f37bdbd8f812efd0805a5e14f468da79832cc	—
hash4497bf92f774c9d57a1ad1cf5842e82c94efe82adb78ff3a90a015376361b284	—
hash3da3a9c6f0e53126d2c2723262dbfb08716c02af82157a952da7f2d66540fafabe8db2e2f7c8091ec68f4463feb070bb37ae1b54c91a1d0a07fdf98a5518192e	—
hash32e87d188187fe9b9f6afd9de48a41d6	—
hash2e10d4aa9df60691736123b143dc3e1dc677330a	—
hashca16d1bd56e607403c1b0b5d74c6dc3b8366fa3d982146cc0ec2948099ecfbad	—
hash8e56b8ec1f8828ac8eef7bb7758987aad8f09be39ae0873c2c1ccefa49b8416a48787488ce21c96159cfa536f881151a3372e1cba0dc40b59f338329287fc010	—
hashe18a6a21eb44e77ca8d739a72209c370	—
hash5e643654179e8b4cfe1d3c1906a90a4c8d611cea	—
hasha25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc	—
hash17b4de6158de054c02849bb728b9767208d3f07ef18d4dc41963a370d34e9dbcf7cc4b729726903f1a7afd4ef7e8c1d781c20a3049a2c160dede23614352f11c	—
hash26ec41a94ea4d2a3fbfebbe0a32cfa0b	—
hashc83bb058abe34b411897a5feea274a4926ec20da	—
hash6127115190de534d0f57f23add63dbc8c414ed99789644c1fa7e932cdbb01519	—
hashb4b49fe5725fe8807331672049dd4804929da896e63181eb7022825331fa64ec0eb18dd33c112688e23062b77248adf307151a3bcf71bd1816f5f79640abdc2f	—
hash9bd1855b2d66ddb1fb9bfb0be0907ac2	—
hashd0b5359a9a5744d632dbd321ca3a00c1a3f547b9	—
hash7871935602a9354b0d04469b185dd7f20ddd0d80f45dd7946d6315c7352b8d8c	—
hash24b2c0c16a3e87a2469bf3315a59153f5ffb74518b50a1ee25cde89f81b919489dca38188f32ebe78b8d488dc30c291ebec665360240d926d297afba89942630	—
hasha29f1db3dd779a4a629939ffeaa3835b	—
hashc306017f3277b148c4a8914a6c4e46abc1496c94	—
hash6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b	—
hash17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3	—
hash2c4a910a1299cdae2a4e55988a2f102e	—
hash2f1a5a7411d015d01aaee4535835400191645023	—
hash019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134	—
hash5cbfefe612a40c8872a0faf3db8d3835dc514fb3df159610095b47c595c6caa1ada79cce2b10fb99e648990c3f54f63344d1fa7025090bfcd4e2c55d7210a28d	—
hashc4a55257e26e3b07339fa125f5223a72	—
hash6c2e6a1b9ebb7d0eedb9e11d8017ff6c795b9b98	—
hash9e1e82ad740aba788850c5529e3eb84681b0a53b6c76ff5eadc6cb762823dba3	—
hash131e0b4fff35499da6e33f099f8fe96de1a65deec9522becbc8e55d0470f42f8d58cc2f3678eb2a82667bdcd96ed0f587464917290904f989678788a497849db	—
hash7454e0d2a852d8d802490dbc6c07f42e	—
hashb54275dd4daaa9467f91955b5b4670c20dfc4e49	—
hashe63d0b1280cd09f3d9236c4a7e428a000f0f87c6a707dbe2a6b5df3ceb24b48d	—
hashd982e2edba71923c7f9c4fdff636995fb475ba4146ea66dcb28b2b24c0e7f81742b4109ee9900ae7f9442ded32f1412311766cd374d88abdff2da317f752708d	—
hash89642b60883c693211567f54fcde5631	—
hash0161b4dc14ed849384714b7d48e4ce8e31cee22d	—
hash7e9191e9c1bd9624a97b0147d173abe2556a3b319dc1e1805d6ca2abc49c054b	—
hash32837f59e1063a10eff10e71f8ab2f78205122c136ac48bd1e73cb877b375da94c4f6553e84a7080c3a36b8af4461efad16ab251c2c777100b69fb44826aa3cf	—
hashb91ce2fa41029f6955bff20079468448	—
hash76640508b1e7759e548771a5359eaed353bf1eec	—
hash32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77	—
hash6a81f082f36ccbda48070772c5a97e1d7de61ad77465e7befe8cbd97df40dcc5da09c461311708e3d57527e323484b05cfd3e72a3c70e106e47f44cc77584bd7	—
hash2109d02a31c7032f2bcabdf436b6726e	—
hash84d90343ae39a961e9e0f92127333b9cc9d62d33	—
hashf04e002613102c556260dc57c5accb5db70b427a9c2fdd6f51419ff53499f173	—
hash3c343696c837d1efc28ae4a688b863c4dff41e3b80047cd2ec6c9d571a3f677f8c750a5dabc7530c56d04749e0972d4d13403f05d10635a69ac82707bc984f8d	—
hash27193464e3effc6950cde66a4ad4757a	—
hash01d5d5696eadc1963ccbbf7ff2f79ba482ed17e1	—
hasha4c3bc5b8ba65bfff823212b5f2d76f618cbb12fd1e17db85ed1bbff35783336	—
hash394e55d211fd73d6d5a5aaabeeb6f0330cd6b6fba40a07bcdd789976097875da6d130ba8308478a1991d0217f0b22b0159f07232e7119dc36367784b176ae1e7	—
hash6a8e92fdd78e813e24abd0a0932052b9	—
hash76e3423312516772e053f5d1861163dd27e99a8c	—
hashf81e587fb1c7b55c7daeeee2bca68e619df3c815b316e439ef006fd91894aa09	—
hashe91dae684ce94faddd8a4b69d745524f15494f22a55b87d4ef1dd5fa3b78e017a911d55148819ca2736e4c500742f82584dbb6cb9aa3a0b61fadf91a56b0dc3c	—
hash56ceb6d0011d87b6e4d7023d7ef85676	—
hash75af292f34789a1c782ea36c7127bf6106f595e8	—
hashc15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71	—
hashf7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629	—
hash3e329a4c9030b26ba152fb602a1d5893	—
hashebe711516d0f5cd8126f4d53e375c90b7b95e8f2	—
hashd3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af	—

Link

Value	Description	Copy
linkhttps://vxug.fakedoma.in/samples/Exotic/UNC2452/SolarWinds%20Breach/	—
linkhttps://www.virustotal.com/gui/file/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af/detection/f-d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af-1607927721	—
linkhttps://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1607927076	—
linkhttps://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1607928437	—
linkhttps://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1607931151	—
linkhttps://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1607930914	—

Text

Value	Description	Copy
text.text	—
text.rsrc	—
text.reloc	—
textdll	—
text269460022	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2020.2.5300.12432	—
text000004b0	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2020.2.5300.12432	—
textSolarWinds Worldwide, LLC.	—
textCopyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.	—
text.text	—
text.rsrc	—
text.reloc	—
textdll	—
text269367810	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2019.4.5200.8890	—
text000004b0	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2019.4.5200.8890	—
textSolarWinds Worldwide, LLC.	—
textCopyright © 1999-2019 SolarWinds Worldwide, LLC. All Rights Reserved.	—
text.text	—
text.rsrc	—
text.reloc	—
textdll	—
text269460022	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2020.2.5200.12394	—
text000004b0	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2020.2.5200.12394	—
textSolarWinds Worldwide, LLC.	—
textCopyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.	—
text.text	—
text.rsrc	—
text.reloc	—
textdll	—
text269443494	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2019.4.5200.9083	—
text000004b0	—
textSolarWinds.Orion.Core.BusinessLayer	—
text2019.4.5200.9083	—
textSolarWinds Worldwide, LLC.	—
textCopyright © 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.	—
text.text	—
text.rsrc	—
text.reloc	—
textdll	—
text268448958	—
text0.0.0.0	—
text000004b0	—
text0.0.0.0	—
text0/70	—
text4/69	—
text2/69	—
text5/69	—
text6/70	—

Size in-bytes

Value	Description	Copy
size-in-bytes1018368	—
size-in-bytes1536	—
size-in-bytes512	—
size-in-bytes1028072	—
size-in-bytes924672	—
size-in-bytes1536	—
size-in-bytes512	—
size-in-bytes934232	—
size-in-bytes1018368	—
size-in-bytes1536	—
size-in-bytes512	—
size-in-bytes1028072	—
size-in-bytes1001472	—
size-in-bytes1536	—
size-in-bytes512	—
size-in-bytes1011032	—
size-in-bytes5632	—
size-in-bytes1024	—
size-in-bytes512	—
size-in-bytes7680	—

Float

Value	Description	Copy
float5.5695446259584	—
float3.3927625723408	—
float1.9473387961876	—
float5.5800537860468	—
float5.6441844251496	—
float3.3987008123389	—
float1.9473387961876	—
float5.6560901874991	—
float5.5694865540978	—
float3.389713791853	—
float1.9473387961876	—
float5.5799968662039	—
float5.5697311444704	—
float3.4018646666713	—
float1.9473387961876	—
float5.5828269967379	—
float5.4919156876928	—
float3.1419883961028	—
float1.5849625007212	—
float4.6224498216263	—

Ssdeep

Value	Description	Copy
ssdeep12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19QU:KEfDbO97P8TrK0YbenWH4c0g8vkzK19b	—
ssdeep24:YE66ZyxF4iPXOL1+N0MnaOL1hyYinXF4OL1F3YOL15PNMMDqMM:YrjleBw0MjBhyXBB9hB7MM2MM	—
ssdeep3:6/Pl:6/d	—
ssdeep12288:5JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19Q:vEfDbO97P8TrK0YbenWH4c0g8vkzK19	—
ssdeep24576:GdBfeHcrhCECR1R/zoi8SHoN0W8vB8O3IcL:qe8nK/zopSHoN0W8vB8u	—
ssdeep24:LXsfQMKyxF4iPXOL1XNN9aOL1hninXF4OL1F3YOL1sPNelvq:LXsnjleBHJBhmBB9hB86i	—
ssdeep3:HlZn:r	—
ssdeep24576:ldBfeHcrhCECR1R/zoi8SHoN0W8vB8O3Icu:5e8nK/zopSHoN0W8vB83	—
ssdeep12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wa:KEfDbO97P8TrKhYbenWH4c0g8vkzE19j	—
ssdeep24:YA66ZyxF4iPXOL1+N0ZaaOL1hyYinXF4OL1F3YOL15PNMZkqMZ:YPjleBw0gBhyXBB9hB7MzM	—
ssdeep3:6/Pl:6/d	—
ssdeep12288:dJKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wv:rEfDbO97P8TrKhYbenWH4c0g8vkzE19e	—
ssdeep12288:0x7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owY:PaEBTvRBi6uL6dIvDtjpH9+0A8vca9oj	—
ssdeep24:wpyQMKyxF4iPXOL1XNNP+aOL1hyYinXF4OL1F3YOL1sPN3Flvq3:wp2jleBHSBhyXBB9hB8Pi	—
ssdeep3:L:L	—
ssdeep12288:Zx7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owQ:6aEBTvRBi6uL6dIvDtjpH9+0A8vca9oD	—
ssdeep96:DKQSUZZa5aE8ibv1c8M1UBDawAjNXe+U8w15Gl+5DDGTBNF82gx:vqRzbt0GBDawA5uT8wSlyDDGTBNFS	—
ssdeep12:Essi3ntuAHeswYAB19aUGiqMZAiN5Eryi1qD41hPvYnqqf1qD41hoPN5Dlq5J:lIfs1FuZhNu8+PWN8+oPNnqX	—
ssdeep3:n:n	—
ssdeep192:8/SqRzbt0GBDawA5uT8wSlyDDGTBNFkQ:8/SyHKGBDax5uThDD6BNr	—

Datetime

Value	Description	Copy
datetime2020-05-11T21:32:40+00:00	—
datetime2019-10-10T13:26:39+00:00	—
datetime2020-04-21T14:53:33+00:00	—
datetime2020-03-24T08:52:34+00:00	—
datetime2020-03-24T09:16:10+00:00	—
datetime2020-12-14T06:35:21+00:00	—
datetime2020-12-14T06:24:36+00:00	—
datetime2020-12-14T06:47:17+00:00	—
datetime2020-12-14T07:32:31+00:00	—
datetime2020-12-14T07:28:34+00:00	—

File

Value	Description	Copy
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
filece77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6	—
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
filea25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc	—
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
file019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134	—
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
fileSolarWinds.Orion.Core.BusinessLayer.dll	—
file32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77	—
fileApp_Web_logoimagehandler.ashx.b6031896.dll	—
fileApp_Web_logoimagehandler.ashx.b6031896.dll	—
filec15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71	—

Counter

Value	Description	Copy
counter3	—
counter3	—
counter3	—
counter3	—
counter3	—

Malware sample

Value	Description	Copy
malware-samplece77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6\|846e27a652a5e1bfbd0ddd38a16dc865	—
malware-samplea25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc\|e18a6a21eb44e77ca8d739a72209c370	—
malware-sample019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134\|2c4a910a1299cdae2a4e55988a2f102e	—
malware-sample32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77\|b91ce2fa41029f6955bff20079468448	—
malware-samplec15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71\|56ceb6d0011d87b6e4d7023d7ef85676	—

Mime type

Value	Description	Copy
mime-typePE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	—
mime-typePE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	—
mime-typePE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	—
mime-typePE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	—
mime-typePE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	—

Threat ID: 68359c9e5d5f0974d01fb95e

Added to database: 5/27/2025, 11:06:06 AM

Last enriched: 12/24/2025, 6:11:37 AM

Last updated: 3/24/2026, 4:24:38 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Link

Text

Size in-bytes

Float

Ssdeep

Datetime

File

Counter

Malware sample

Mime type

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Link

Text

Size in-bytes

Float

Ssdeep

Datetime

File

Counter

Malware sample

Mime type

Community Reviews

Related Threats

Maltrail IOC for 2026-03-24

Maltrail IOC for 2026-03-23

Maltrail IOC for 2026-03-22

Maltrail IOC for 2026-03-21

Maltrail IOC for 2026-03-20

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility