At Prevasio, we started to narrow down those potentially affected by the Solarwinds hack as the Sunburst used a DGA (Domain Generation Algorithm) that gives us a glimpse into who may have been infected.
The list (with disclaimers) follows:
| Decoded Domain | Mapping (Could Be Inaccurate) |
| hgvc.com | Hilton Grand Vacations |
| Amerisaf | AMERISAFE, Inc. |
| kcpl.com | Kansas City Power and Light Company |
| SFBALLET | San Francisco Ballet |
| scif.com | State Compensation Insurance Fund |
| LOGOSTEC | Logostec Ventilação Industrial |
| ARYZTA.C | ARYZTA Food Solutions |
| bmrn.com | BioMarin Pharmaceutical Inc. |
| AHCCCS.S | Arizona Health Care Cost Containment System |
| nnge.org | Next Generation Global Education |
| cree.com | Cree, Inc (semiconductor products) |
| calsb.org | The State Bar of California |
| rbe.sk.ca | Regina Public Schools |
| cisco.com | Cisco Systems |
| pcsco.com | Professional Computer Systems |
| barrie.ca | City of Barrie |
| ripta.com | Rhode Island Public Transit Authority |
| uncity.dk | UN City (Building in Denmark) |
| bisco.int | Boambee Industrial Supplies (Bisco) |
| haifa.edu | University of Haifa |
| smsnet.pl | SMSNET, Poland |
| fcmat.org | Fiscal Crisis and Management Assistance Team |
| wiley.com | Wiley (publishing) |
| ciena.com | Ciena (networking systems) |
| belkin.com | Belkin |
| spsd.sk.ca | Saskatoon Public Schools |
| pqcorp.com | PQ Corporation |
| ftfcu.corp | First Tech Federal Credit Union |
| bop.com.pk | The Bank of Punjab |
| nvidia.com | NVidia |
| insead.org | INSEAD (non-profit, private university) |
| usd373.org | Newton Public Schools |
| agloan.ads | American AgCredit |
| pageaz.gov | City of Page |
| jarvis.lab | Erich Jarvis Lab |
| ch2news.tv | Channel 2 (Israeli TV channel) |
| bgeltd.com | Bradford / Hammacher Remote Support Software |
| dsh.ca.gov | California Department of State Hospitals |
| dotcomm.org | Douglas Omaha Technology Commission |
| sc.pima.gov | Arizona Superior Court in Pima County |
| itps.uk.net | Infection Prevention Society (IPS) |
| moncton.loc | City of Moncton |
| acmedctr.ad | Alameda Health System |
| csci-va.com | Computer Systems Center Incorporated |
| Redacted† | (law firm – redacted) |
| keyano.local | Keyano College |
| uis.kent.edu | Kent State University |
| alm.brand.dk | Sydbank Group (Banking, Denmark) |
| ironform.com | Ironform (metal fabrication) |
| corp.ncr.com | NCR Corporation |
| ap.serco.com | Serco Asia Pacific |
| int.sap.corp | SAP |
| mmhs-fla.org | Cleveland Clinic Martin Health |
| nswhealth.net | NSW Health |
| mixonhill.com | Mixon Hill (intelligent transportation systems) |
| bcofsa.com.ar | Banco de Formosa |
| ci.dublin.ca. | Dublin, City in California |
| siskiyous.edu | College of the Siskiyous |
| weioffice.com | Walton Family Foundation |
| ecobank.group | Ecobank Group (Africa) |
| corp.sana.com | Sana Biotechnology |
| med.ds.osd.mi | US Gov Information System |
| wz.hasbro.com | Hasbro (Toy company) |
| its.iastate.ed | Iowa State University |
| amr.corp.intel | Intel |
| cds.capilanou. | Capilano University |
| e-idsolutions. | IDSolutions (video conferencing) |
| helixwater.org | Helix Water District |
| detmir-group.r | Detsky Mir (Russian children’s retailer) |
| int.lukoil-int | LUKOIL (Oil and gas company, Russia) |
| ad.azarthritis | Arizona Arthritis and Rheumatology Associates |
| net.vestfor.dk | Vestforbrænding |
| allegronet.co. | Allegronet (Cloud based services, Israel) |
| us.deloitte.co | Deloitte |
| central.pima.g | Pima County Government |
| city.kingston. | Kingston City, Australia |
| staff.technion | Technion – Israel Institute of Technology |
| airquality.org | Sacramento Metropolitan Air Quality Management District |
| phabahamas.org | Public Hospitals Authority, Caribbean |
| parametrix.com | Parametrix (Engineering) |
| ad.checkpoint. | Check Point |
| corp.riotinto. | Rio Tinto (Mining company, Australia) |
| intra.rakuten. | Rakuten |
| us.rwbaird.com | Robert W. Baird & Co. (Financial services) |
| ville.terrebonn | Ville de Terrebonne |
| woodruff-sawyer | Woodruff-Sawyer & Co., Inc. |
| fisherbartoninc | Fisher Barton Group |
| banccentral.com | BancCentral Financial Services Corp. |
| taylorfarms.com | Taylor Fresh Foods |
| neophotonics.co | NeoPhotonics (optoelectronic devices) |
| gloucesterva.ne | Gloucester County |
| magnoliaisd.loc | Magnolia Independent School District |
| zippertubing.co | Zippertubing (Manufacturing) |
| milledgeville.l | Milledgeville (City in Georgia) |
| digitalreachinc | Digital Reach, Inc. |
| deniz.denizbank | DenizBank |
| thoughtspot.int | ThoughtSpot (Business intelligence) |
| lufkintexas.net | Lufkin (City in Texas) |
| digitalsense.co | Digital Sense (Cloud Services) |
| wrbaustralia.ad | W. R. Berkley Insurance Australia |
| christieclinic. | Christie Clinic Telehealth |
| signaturebank.l | Signature Bank |
| dufferincounty. | Dufferin County |
| mountsinai.hosp | Mount Sinai Hospital |
| securview.local | Securview Victory (Video Interface technology) |
| weber-kunststof | Weber Kunststoftechniek |
| parentpay.local | ParentPay (Cashless Payments) |
| europapier.inte | Europapier International AG |
| molsoncoors.com | Molson Coors Beverage Company |
| fujitsugeneral. | Fujitsu General |
| cityofsacramento | City of Sacramento |
| ninewellshospita | Ninewells Hospital |
| fortsmithlibrary | Fort Smith Public Library |
| dokkenengineerin | Dokken Engineering |
| vantagedatacente | Vantage Data Centers |
| friendshipstateb | Friendship State Bank |
| clinicasierravis | Clinica Sierra Vista |
| ftsillapachecasi | Apache Casino Hotel |
| voceracommunicat | Vocera (clinical communications) |
| mutualofomahaban | Mutual of Omaha Bank |
† In this case, the company in question has reached out to me directly and asked that they not be listed. The company had performed a forensic review and believes they are not affected. In the interest of transparency, I can provide more details if contacted directly.
