Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

Threat Hunting Use Case (Video): Sunburst Malware

Sunburst malwareThe SolarWinds attack, disclosed by security firm FireEye and Microsoft in December, may have breached as many as 18,000 government and private sector organizations. It has been characterized as the largest and most sophisticated cyber attack the world has ever seen, and was made possible by the Sunburst malware the attackers implanted in legitimate digitally signed DLL files in SolarWinds’ Orion update packages.

ThreatConnect engineer Alexi Valencia has produced a new video that breaks down how the Sunburst attack worked and offers critical insights into how a combination of focused dashboards, automated threat hunting and workflow within ThreatConnect can help threat intelligence analysts and incident responders streamline response processes when Sunburst or other incidents like it occur.

Let’s take a look at a helpful dashboard, which tracks Sunburst malware specific intelligence across all available Intel sources and provides updated counts of pertinent intelligence items, such as incidents, signatures, adversaries, and threats. As new relevant intelligence becomes available, analysts can track things like new incidents and reports specific to Sunburst related tags, as well as any reported indicators of compromise.

Using ThreatConnect to Automate Threat Hunting in Response to the SolarWinds Compromise


About the Author


By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at