Statements (35)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
malware campaign
|
| gptkbp:abilities |
data exfiltration
command and control communication device bricking persistence after reboot traffic interception |
| gptkbp:affects |
gptkb:MikroTik
gptkb:Netgear gptkb:QNAP gptkb:TP-Link gptkb:Linksys |
| gptkbp:alsoKnownAs |
gptkb:VPNFilter
|
| gptkbp:connectsTo |
gptkb:APT28
gptkb:Fancy_Bear gptkb:Sofacy Russian threat actors |
| gptkbp:discoveredBy |
gptkb:Cisco_Talos
|
| gptkbp:discoveredIn |
2018
|
| https://www.w3.org/2000/01/rdf-schema#label |
VPNFilter malware campaign
|
| gptkbp:infectionCount |
over 500,000 devices
|
| gptkbp:notableEvent |
FBI issued public warning in May 2018
FBI seized control of command and control domain |
| gptkbp:notableFeature |
modular architecture
stage 1 persistence stage 2 and 3 payloads |
| gptkbp:remedy |
factory reset
firmware update device reboot |
| gptkbp:target |
network routers
network-attached storage devices |
| gptkbp:usesMalware |
modular malware
multi-stage malware |
| gptkbp:分布地区 |
global
|
| gptkbp:bfsParent |
gptkb:2018_Ukraine_router_attack
|
| gptkbp:bfsLayer |
7
|