Task 1: Understanding a Threat Intelligence blog post on a recent attack

Task 2: Review the FireEye Threat Intel on the SUNBURST Malware

Task 3: Analyze Threat Intelligence

Answer: The Executive Summary section tells us the APT name: UNC2452

Answer: From this GitHub page: Snort|Yara|IOC|ClamAV

Answer: From Summary->SUNBURST Backdoor section: SolarWinds.Orion.Core.BusinessLayer.dll

Answer: From In-Depth Malware Analysis Section: b91ce2fa41029f6955bff20079468448

Answer: From Delivery and Installation section: msp

Answer: From Delivery and Installation section: 12|14|days

Answer: From this GitHub link about sunburst snort rules:

Answer: From Steganography->Supported Commands section->SetRegistryValue (to write): 14

Answer: From Network Command and Control (C2) section: base64

Answer: From Steganography Section: JobExecutionEngine

Answer: Count from MITRE ATT&CK Techniques Observed section: 17

Answer: From this Wikipedia link->SolarWinds section: 18,000

Answer: From Immediate Mitigation Recommendations section: 2020.2.1 HF 1

Task 4: Additional Resources
