Skip to content
/ sunburst_iocs Public

List of IOCs from CISA STIX feed related to Alert AA20-352A

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

LogRhythm-Labs/sunburst_iocs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
CISA-AA20-352A-Alert-FileHash-Threat-All.txt
CISA-AA20-352A-Alert-FileHash-Threat-All.txt
 
 
CISA-AA20-352A-Alert-Filepath-Malware-All.txt
CISA-AA20-352A-Alert-Filepath-Malware-All.txt
 
 
CISA-AA20-352A-Alert-IP-Suspicious-All.txt
CISA-AA20-352A-Alert-IP-Suspicious-All.txt
 
 
CISA-AA20-352A-Alert-URL-Suspicious-All.txt
CISA-AA20-352A-Alert-URL-Suspicious-All.txt
 
 
FireEyeSunburstHashesMD5.txt
FireEyeSunburstHashesMD5.txt
 
 
FireEyeSunburstHashesSHA1.txt
FireEyeSunburstHashesSHA1.txt
 
 
FireEyeSunburstHashesSHA256.txt
FireEyeSunburstHashesSHA256.txt
 
 
FireEyeSunburstNBIFQDNa.txt
FireEyeSunburstNBIFQDNa.txt
 
 
FireEyeSunburstNBIFQDNcname.txt
FireEyeSunburstNBIFQDNcname.txt
 
 
FireEyeSunburstNBIip.txt
FireEyeSunburstNBIip.txt
 
 
FireEyeSunburstNBItarget.txt
FireEyeSunburstNBItarget.txt
 
 
FireEyeSunburstSnortThreatName.txt
FireEyeSunburstSnortThreatName.txt
 
 
README.md
README.md
 
 
VolexityDarkHaloCommands.txt
VolexityDarkHaloCommands.txt
 
 
VolexityDarkHaloDomain.txt
VolexityDarkHaloDomain.txt
 
 
VolexityDarkHaloIP.txt
VolexityDarkHaloIP.txt
 
 

Repository files navigation

sunburst_iocs

List of IOCs derived from CISA STIX feed and FireEye sunburst_countermeasures repository related to SolarWinds "sunburst" supply chain attack

This repo contains:

  • A point-in-time download of the Indicators of Compromise provided by the Cybersecurity and Infrastructure Security Agency (CISA) in their STIX feed accompanying alert AA20-352a.
  • IOCs derived from the FireEye sunburst_countermeasures GitHub repo

LogRhythm customers are encouraged to use the LogRhythm Threat Intelligence Service TIS to subscribe to the CISA feed rather than use the static CISA lists in this repository. TIS will automatically create lists corresponding to the IOC types and periodically check the CISA feed for updates.

Please see the LogRhythm blog for more information on leveraging LogRhythm to investigate the behavior described in this report.

About

List of IOCs from CISA STIX feed related to Alert AA20-352A

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •