Reference
I am sure you all saw the news.

2020-12-13 Fireeye
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
2020-12-13 MicrosoftCustomer Guidance on Recent Nation-State Cyber Attacks
Well, here are the Sunburst binaries. Here is a Sunburst malware analysis walk-through video by Colin Hardyhttps://www.youtube.com/watch?v=JoMwrkijTZ8&feature=youtu.be
Download
Other malware

Download dlls. Email me if you need the password (see in my profile)
Download Coreinstaller.msi - trojaned installer sample
Hashes
SolarWinds.Orion.Core.BusinessLayer.dll
32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bcce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af
Trojan:MSIL/Solorigate.B!dhaA Variant Of MSIL/SunBurst.A
This is the compromised installer file ( was still on Solarwinds update downloads on Dec 14, 2020
File size 419.76 MBCoreInstaller.msi
ad2fbf4add71f61173975989d1a18395afb8538ed889012b9d2e21c19e98bbd1
2020-04-21 17:31:02SolarWinds Orion Core Services 2020.2{77E2D294-3D5C-4D93-ADF1-884CCEAD93B0}File Version InformationDate signed 05:32 PM 04/21/2020SignersSolarwinds Worldwide, LLCSymantec Class 3 SHA256 Code Signing CAVeriSignVT - 0 (Dec 14, 2020)
If you unzip, check 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134 (36 detections , part of the IOC set)
SolarWinds.Orion.Core.BusinessLayer.dll under OrionCore
