We've released a small hunt query/iocs for the reported solarwinds attacks - https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/README.md
This is based on Karl Ackerman's searches for Ryuk
