Tag
This rule detects post-exploitation command and control activity related to the SUNBURST backdoor, which targets SolarWind's Orion software, mimicking the Orion Improvement Program (OIP) protocol for covert communication.