The SolarWinds Orion SUNBURST backdoor is a sophisticated attack that creates a challenging problem for threat hunters (and data scientists) to solve. The attack has had a large impact through its clever design, and we can assume that we haven't seen the full extent of damage yet. It is worth deconstructing the available data for more indicators of compromise that might add valuable threat intelligence to the security community for future attacks.
The FireEye blog post identified several domains that are associated with the SUNBURST attack campaign: "avsvmcloud[.]com", "freescanonline[.]com", "thedoccloud[.]com", "deftsecurity[.]com", "websitetheme[.]com", "highdatabase[.]com", "incomeupdate[.]com", "databasegalore[.]com", "panhardware[.]com", and "zupertech[.]com".
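Turning that list into a hunt requires two small things the defanged form hides: refanging the indicators, and matching DNS query names by suffix on label boundaries so that subdomains of the C2 domain hit while lookalikes such as "notavsvmcloud.com" do not. The following is an added example written for this article, not code from the FireEye post; the BIND-style log format and the sample lines are constructed here for illustration.

```python
import re
from typing import Iterable, List, Optional, Tuple

# The domains named in the FireEye write-up, in the defanged form the post uses.
SUNBURST_DOMAINS_DEFANGED = [
    "avsvmcloud[.]com",
    "freescanonline[.]com",
    "thedoccloud[.]com",
    "deftsecurity[.]com",
    "websitetheme[.]com",
    "highdatabase[.]com",
    "incomeupdate[.]com",
    "databasegalore[.]com",
    "panhardware[.]com",
    "zupertech[.]com",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('a[.]b', 'hxxp://') back into its real, lower-cased form."""
    return (indicator.replace("[.]", ".")
                     .replace("(.)", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://")).lower()


SUNBURST_DOMAINS = [refang(d) for d in SUNBURST_DOMAINS_DEFANGED]


def matched_ioc(qname: str, iocs: List[str] = SUNBURST_DOMAINS) -> Optional[str]:
    """Return the IOC domain that qname equals or is a subdomain of, else None.

    Matching is done on label boundaries ('.' + domain), so a lookalike such as
    'notavsvmcloud.com' is not reported. A trailing dot (FQDN form) and case are ignored.
    """
    q = qname.lower().rstrip(".")
    for d in iocs:
        if q == d or q.endswith("." + d):
            return d
    return None


# Assumed (constructed) log shape: "<timestamp> <client> query: <qname> IN <type>".
DNS_LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query: (?P<qname>\S+) ")


def hunt_dns_log(lines: Iterable[str],
                 iocs: List[str] = SUNBURST_DOMAINS) -> List[Tuple[str, str, str, str]]:
    """Scan query-log lines and return (timestamp, client, qname, matched_ioc) for each hit."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line)
        if not m:
            continue
        ioc = matched_ioc(m.group("qname"), iocs)
        if ioc:
            hits.append((m.group("ts"), m.group("client"), m.group("qname"), ioc))
    return hits


# Constructed sample log, not real telemetry: one subdomain of the C2 domain, one benign
# query, one lookalike that must not match, and one IOC written as an upper-case FQDN.
SAMPLE_LOG = """\
2020-12-14T10:01:02Z 10.0.0.5 query: 6a57jk2ba1d9keg15cbg.appsync-api.eu-west-1.avsvmcloud.com IN A
2020-12-14T10:01:03Z 10.0.0.5 query: www.example.com IN A
2020-12-14T10:01:04Z 10.0.0.7 query: notavsvmcloud.com IN A
2020-12-14T10:01:05Z 10.0.0.9 query: DEFTSECURITY.COM. IN A
""".splitlines()

if __name__ == "__main__":
    for hit in hunt_dns_log(SAMPLE_LOG):
        print(hit)
```

Run against the sample, the first and last lines are reported and the lookalike on the third line is not. The suffix check matters because SUNBURST's beacons went to generated subdomains under the C2 domain rather than to the bare apex, so an exact-match blocklist would miss them.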