In this report, we provide an expanded list of indicators of SUNBURST compromise as observed across affected environments protected by Reveal(x). We also share real-world examples of how organizations have used historical network data to determine whether and to what extent systems and data were compromised via SUNBURST