SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.sowat (Back to overview)

SoWaT

Actor(s): APT31

This is an implant used by APT31 on home routers to utilize them as ORBs.

References
2023-09-07SekoiaJamila B.
@online{b:20230907:my:de66f96, author = {Jamila B.}, title = {{My Tea’s not cold. An overview of China’s cyber threat}}, date = {2023-09-07}, organization = {Sekoia}, url = {https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/}, language = {English}, urldate = {2023-09-08} } My Tea’s not cold. An overview of China’s cyber threat
Melofee PingPull SoWaT Sword2033 MgBot MQsTTang PlugX TONESHELL Dalbit
2021-11-25imp0rtp3 blogimp0rtp3
@online{imp0rtp3:20211125:deep:c984127, author = {imp0rtp3}, title = {{A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant}}, date = {2021-11-25}, organization = {imp0rtp3 blog}, url = {https://imp0rtp3.wordpress.com/2021/11/25/sowat/}, language = {English}, urldate = {2021-12-17} } A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
SoWaT
2021-07-21CERT-FRANSSI
@online{anssi:20210721:indicateurs:9f20dae, author = {ANSSI}, title = {{INDICATEURS DE COMPROMISSION DU CERT-FR}}, date = {2021-07-21}, organization = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003}, language = {French}, urldate = {2021-12-17} } INDICATEURS DE COMPROMISSION DU CERT-FR
SoWaT APT31
2021-07-21Twitter (@bkMSFT)Ben Koehl
@online{koehl:20210721:anssi:d77e4ad, author = {Ben Koehl}, title = {{Tweet on an ANSSI report detailing APT31 intrusions in France}}, date = {2021-07-21}, organization = {Twitter (@bkMSFT)}, url = {https://twitter.com/bkMSFT/status/1417823714922610689}, language = {English}, urldate = {2021-12-17} } Tweet on an ANSSI report detailing APT31 intrusions in France
SoWaT APT31
2021-07-21Twitter (@billyleonard)Billy Leonard
@online{leonard:20210721:apt31:95e177c, author = {Billy Leonard}, title = {{Tweet on APT31 using a router implant.}}, date = {2021-07-21}, organization = {Twitter (@billyleonard)}, url = {https://twitter.com/billyleonard/status/1417910729005490177}, language = {English}, urldate = {2021-12-17} } Tweet on APT31 using a router implant.
SoWaT

There is no Yara-Signature yet.