Trojan:MSIL/Solorigate.B!dha threat description - Microsoft
Security Intelligence
By Microsoft Corporation
Archived: 2026-04-05 17:39:10 UTC
Published Dec 13, 2020 | Updated Apr 26, 2021
Summary
This threat can allow remote sophisticated attackers to gain access and perform backdoor commands on an
affected device. It is a modified DLL component of a legitimate software.
Attackers use this threat to gain initial access to a device. When the related software is opened, this modified DLL
is loaded and connects to command-and-control servers to listen for commands and get additional payloads.
Microsoft Defender Antivirus detects this threat. It raises an alert when it detects the threat on your device, but it
doesn't automatically remediate it in order to not affect legitimate services. If this threat is detected on your
environment, we recommend that you immediately investigate and manually remediate it.
NOTE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor
behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple
other organizations. Microsoft previously used ‘Solorigate’ as the primary designation for the actor, but moving
forward, we want to place appropriate focus on the actors behind the sophisticated attacks, rather than one of the
examples of malware used by the actors. Microsoft Threat Intelligence Center (MSTIC) has named the actor
behind the attack against SolarWinds, the SUNBURST backdoor, TEARDROP malware, and related components
as NOBELIUM. As we release new content and analysis, we will use NOBELIUM to refer to the actor and the
attack campaigns.
Read our latest reports: 
Important steps for customers to protect themselves from recent nation-state cyberattacks
Customer Guidance on Recent Nation-State Cyber Attacks – Microsoft Security Response Center
Ensuring customers are protected from Solorigate
Source: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:MSIL/Solorigate.B!dha
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:MSIL/Solorigate.B!dha
Page 1 of 1