Threat Intel Flash: Sisense Data Compromise: ARC Labs Intelligence Flash

Get the Latest


Microsoft and industry partners seize key domain used in SolarWinds hack

After creating a sinkhole for the domain, Microsoft and a coalition of other companies have seized the domain avsvmcloud[.]com. This domain served as a Command & Control (C2) host for the attackers and delivered the SUNBURST backdoor to 18,000 SolarWinds customers. Because the malware sits dormant for 12-14 days before calling back to the C2, it may take more time to discover who is affected. This effort to sinkhole this domain is to find potentially exposed victims and gain a clearer picture of the overall problem.

Analyst Notes

Independent researchers and other organizations such as the RedDrip Team from QiAnXin Technology have decoded the unique subdomains to compile a list of known victims. As recommended previously, implement the newest hotpatch, bring the affected systems offline until incident response procedures are followed, and the problem’s scope can be taken into account.

SunBurst_DGA_Decode Script:
Decoded Domains:
SolarWinds Security Advisory:
CISA Advisory:
DHS Directive: