Indicator_type,Data,Note
Description,IOCs from Solarwinds attack,
file_path_name,C:\windows\syswow64\netsetupsvc.dll,TEARDROP memory module used to drop Cobalt Strike Beacon.