ioc · domain

avsvmcloud[.]com

Primary first-stage command-and-control domain used by the SUNBURST backdoor inside trojanized SolarWinds Orion updates. Subdomains under this domain encoded victim identifiers.

family: SUNBURST
first seen: Dec 12, 2020
publisher: CISA

source citation