{
	"id": "98258544-77c3-4235-a98d-900ca41679b3",
	"created_at": "2026-04-06T00:15:59.599545Z",
	"updated_at": "2026-04-10T03:21:51.821565Z",
	"deleted_at": null,
	"sha1_hash": "375e4dde4d3b73a79fd37faa4c58e10a0d6c6c51",
	"title": "GitHub - SentineLabs/SolarWinds_Countermeasures: This tool is designed to identify processes, services, and drivers that SUNBURST attempts to identify on the victim's machine.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42704,
	"plain_text": "GitHub - SentineLabs/SolarWinds_Countermeasures: This tool is\r\ndesigned to identify processes, services, and drivers that\r\nSUNBURST attempts to identify on the victim's machine.\r\nBy jameshs1\r\nArchived: 2026-04-05 21:43:31 UTC\r\nDescription\r\nThis tool is designed to identify processes, services, and drivers that SUNBURST attempts to identify on the\r\nvictim's machine.\r\nThis tool leverages the same logic SUNBURST uses to obtain a list of running processes/services/drivers, then\r\napplies the same hashing algorithm, and performs the blacklist check. The outcome/results of the blacklist check\r\nare then printed to the console.\r\nVersion 1 SHA1: 848b903a0f67f8fd71152b2b73a010fba547038c\r\nVersion 2 SHA1: d4910eaf5620528905b371c9a91fa5e3467978be\r\nVersion 3 SHA1: 37dc0e94a06257e91b041341f08dc435fe69d772\r\nExample - when running on a system monitored by SentinelOne\r\nC:\\Users\\infected\\Desktop\u003eS1_SUNBURST_Assessment.exe\r\nSentinelLabs SUNBURST Assessment Tool Version 2\r\nDescription: This tool checks the current system for processes, services, and drivers\r\nthat SUNBURST attempts to identify in its blacklist, prints the match, as well as the outcome.\r\n[+] Checking running processes/services...\r\n[+] Done checking running processes/services!\r\n[+] Checking loaded drivers...\r\nDRIVERS BLACKLIST MATCH: Loaded driver SentinelMonitor.sys matches hardcoded blacklist hash 12343334044036541897\r\nOUTCOME: SUNBURST will exit!\r\n[+] Done checking loaded drivers!\r\nExample - when running on a malware analyst machine\r\nC:\\Users\\REM\\Desktop\u003eS1_SUNBURST_Assessment.exe\r\nSentinelLabs SUNBURST Assessment Tool Version 2\r\nDescription: This tool checks the current system for processes, services, and drivers\r\nhttps://github.com/SentineLabs/SolarWinds_Countermeasures\r\nPage 1 of 2\n\nthat SUNBURST attempts to identify in its blacklist, prints the match, as well as the outcome.\r\n[+] Checking running processes/services...\r\nBLACKLIST MATCH: Running process pestudio matches hardcoded blacklist hash 10235971842993272939\r\nOUTCOME: SUNBURST will exit!\r\nBLACKLIST MATCH: Running process dnSpy matches hardcoded blacklist hash 13825071784440082496\r\nOUTCOME: SUNBURST will exit!\r\n[+] Done checking running processes/services!\r\n[+] Checking loaded drivers...\r\n[+] Done checking loaded drivers!\r\nSource: https://github.com/SentineLabs/SolarWinds_Countermeasures\r\nhttps://github.com/SentineLabs/SolarWinds_Countermeasures\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/SentineLabs/SolarWinds_Countermeasures"
	],
	"report_names": [
		"SolarWinds_Countermeasures"
	],
	"threat_actors": [],
	"ts_created_at": 1775434559,
	"ts_updated_at": 1775791311,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/375e4dde4d3b73a79fd37faa4c58e10a0d6c6c51.pdf",
		"text": "https://archive.orkl.eu/375e4dde4d3b73a79fd37faa4c58e10a0d6c6c51.txt",
		"img": "https://archive.orkl.eu/375e4dde4d3b73a79fd37faa4c58e10a0d6c6c51.jpg"
	}
}