Sunburst is a digitally signed SolarWinds component of the Orion software framework that contains a backdoor communicating over HTTP with third-party servers. Sunburst was distributed widely across organizations through a supply-chain attack.
Sunburst uses multiple obfuscated blocklists to identify security and anti-virus tools running as processes, services, and drivers. It stores this information for later stages of an attack.
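The blocklist check described above, as an added example that is not part of the original article: a hashed blocklist of tool names, the lookup the malware performs against observed process, service and driver names, and the dictionary matching an analyst uses to recover the plain names. The hash scheme (FNV-1a 64-bit) and every tool name below are constructed stand-ins; the article does not specify Sunburst's real encoding or list contents.

```python
"""Added example: how an obfuscated (hashed) blocklist of security tool names
works, and how an analyst resolves it back to plain names with a wordlist.
Hash scheme (FNV-1a 64-bit) and all names here are constructed stand-ins;
the article does not specify Sunburst's real encoding or list contents."""

FNV64_OFFSET = 0xCBF29CE484222325
FNV64_PRIME = 0x100000001B3
MASK64 = (1 << 64) - 1


def fnv1a_64(name: str) -> int:
    """FNV-1a over the lower-cased name, so case differences in process
    names do not defeat the lookup."""
    h = FNV64_OFFSET
    for byte in name.lower().encode("utf-8"):
        h ^= byte
        h = (h * FNV64_PRIME) & MASK64
    return h


# Constructed blocklist: a real sample would carry only the integers, never
# the names. Keys are hashes of a process/service/driver name; values are the
# category recorded when a match is found.
OBFUSCATED_BLOCKLIST = {
    fnv1a_64("exampleav.exe"): "process",
    fnv1a_64("exampleedr"): "service",
    fnv1a_64("examplemon.sys"): "driver",
}


def resolve_blocklist(blocklist: dict, wordlist: list) -> dict:
    """Analyst side: hash every candidate in a wordlist of known security
    tools and keep those whose hash appears in the obfuscated blocklist."""
    return {name: blocklist[fnv1a_64(name)]
            for name in wordlist if fnv1a_64(name) in blocklist}


def flagged_entries(observed: list, blocklist: dict) -> list:
    """Which observed process/service/driver names the check would hit.
    Lets a defender confirm whether a given monitoring tool is on the list."""
    return [name for name in observed if fnv1a_64(name) in blocklist]


if __name__ == "__main__":
    wordlist = ["exampleav.exe", "exampleedr", "notepad.exe", "examplemon.sys"]
    print(resolve_blocklist(OBFUSCATED_BLOCKLIST, wordlist))
    print(flagged_entries(["EXAMPLEAV.EXE", "svchost.exe"], OBFUSCATED_BLOCKLIST))
```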
Because this malware is still emerging, content will be added to this article as it becomes available.