# reference

https://community.riskiq.com/article/9a515637/description

https://www.prodaft.com/m/uploads/SilverFish_TLPWHITE.pdf

https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/

https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware

https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/

https://securelist.com/sunburst-backdoor-kazuar/99981/

https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/

https://mp.weixin.qq.com/s/v-ekPFtVNZG1W7vWjcuVug