|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
data exfiltration
man-in-the-middle attack
command and control communication
device bricking
|
|
gptkbp:affects
|
gptkb:Netgear_routers
gptkb:TP-Link_routers
gptkb:MikroTik_routers
gptkb:QNAP_NAS_devices
gptkb:Linksys_routers
|
|
gptkbp:C2Infrastructure
|
hardcoded IP addresses
ToKnowAll.com
photobucket.com
|
|
gptkbp:category
|
cybercrime
cyber sabotage
|
|
gptkbp:connectsTo
|
gptkb:APT28
Russian hacking group Sofacy
|
|
gptkbp:discoveredBy
|
gptkb:Cisco_Talos
|
|
gptkbp:firstReported
|
2018
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
VPNFilter malware
|
|
gptkbp:mitigatedBy
|
FBI seized C2 domain
|
|
gptkbp:notableBattle
|
Ukraine infrastructure
|
|
gptkbp:numberOfInfectedDevices
|
over 500,000
|
|
gptkbp:removes
|
factory reset required
|
|
gptkbp:stage1Payload
|
persistence and command download
|
|
gptkbp:stage2Payload
|
data collection and device control
|
|
gptkbp:stage3Payload
|
additional plugins
|
|
gptkbp:target
|
network routers
network-attached storage devices
|
|
gptkbp:uses
|
modular architecture
|
|
gptkbp:bfsParent
|
gptkb:2018_Ukraine_router_attack
|
|
gptkbp:bfsLayer
|
7
|