Jump to content

Backdoor.Sunburst reported for file SOLARWINDS.ORION.CORE.BUSINESSLAYER.DLL


Recommended Posts

This dll is being detected by Malwarebytes and Windows Defender. It's the file in question but from an earlier version of the Solarwinds Software than noted in the reports. Is this legit or a false positive? The file was digitally signed Oct 10, 2019 and bundled with product version 2019.4.5200.8890

File: 1
Backdoor.Sunburst, E:\DOWNLOADS\SOLARWINDS.ORION.CORE.BUSINESSLAYER.DLL, No Action By User, 16804, 889737, 1.0.34465, , ame, , E18A6A21EB44E77CA8D739A72209C370, A25CADD48D70F6EA0C4A241D99C5241269E6FACCB4054E62D16784640F8E53BC

Link to post
Share on other sites

  • Staff


Above one is also listed as vulnerable, as stated per:

Customer Guidance on Recent Nation-State Cyber Attacks – Microsoft Security Response Center

SunBurst: the next level of stealth (reversinglabs.com)

"While the first version to contain the malicious backdoor code was 2019.4.5200.9083, as outlined by the FireEye blog, there was a previous version that was tampered with by the attackers: version 2019.4.5200.8890, from October 2019, and this version had only been slightly modified. While it doesn’t contain the malicious backdoor code, it does contain the .NET class that will host it in the future."

So this isn't a real FP, although it doesn't contain malicious code, but it's vulnerable, so I suggest to apply the hotfix

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.