Emerging Threats
Actor | 2020
SolarWinds Supply Chain
4 Rules
7 References
1 Folders
2024-09-12 Latest
Summary
SolarWinds Supply Chain is tracked here as a threat actor, intrusion set, or campaign with 4 Sigma detections spanning 2020. Coverage centers on windows / process_creation, webserver.
Related Detections
Emerging Threat | high | test
UNC2452 Process Creation Patterns
Detects specific process creation patterns used by UNC2452, as provided by Microsoft in Microsoft Defender ATP queries
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell | detection.emerging-threats
Florian Roth (Nextron Systems) | Fri Jan 22 | 2020
Emerging Threat | critical | test
Solarwinds SUPERNOVA Webshell Access
Detects access to the SUPERNOVA webshell as described in the Guidepoint report
Web Server Log
TA0003 · Persistence | T1505.003 · Web Shell | detection.emerging-threats
Florian Roth (Nextron Systems) | Thu Dec 17 | 2020
Emerging Threat | high | test
Suspicious VBScript UN2452 Pattern
Detects suspicious inline VBScript keywords as used by UNC2452
Windows | Process Creation
TA0004 · Privilege Escalation | TA0003 · Persistence | T1547.001 · Registry Run Keys / Startup Folder | detection.emerging-threats
Florian Roth (Nextron Systems) | Fri Mar 05 | 2020
Emerging Threat | critical | test
UNC2452 PowerShell Pattern
Detects a specific PowerShell command line pattern used by the UNC2452 actors as mentioned in Microsoft and Symantec reports
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell | T1047 · Windows Management Instrumentation | detection.emerging-threats
Florian Roth (Nextron Systems) | Wed Jan 20 | 2020
References