Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching those used in the SolarWinds supply-chain attack. The queries look for functionality or syntactic code elements that match those found in the attack's malicious implants. Microsoft warns that some of the queries can also flag similar behavior in benign code, so every detection must be manually reviewed to rule out false positives. Microsoft: “We are open sourcing the queries that we used in this investigation so that other organizations may perform a similar analysis.”
Source: https://www.bleepingcomputer.com/news/security/microsoft-shares-codeql-queries-to-scan-code-for-solarwinds-like-implants/

