ViciousTrap has compromised over 5,500 edge devices, transforming them into honeypots and utilizing a shell script called NetGhost to redirect incoming traffic from specific ports to their infrastructure. The actor has targeted various EOL devices, including ASUS routers, Linksys LRT224, and Araknis Networks AN-300-RT-4L2W VPN routers. Observations indicate attempts to deploy a web shell for executing their redirection script, although authorship of the web shell has not been attributed to ViciousTrap. The overall objectives of ViciousTrap remain unclear, but their activities suggest a honeypot-style network aimed at intercepting network flows.
There are currently no families associated with this actor.
| 2025-05-22 ⋅ Sekoia ⋅ ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse. ViciousTrap |