SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.sowat (Back to overview)

SoWaT

Actor(s): APT31

This is an implant used by APT31 on home routers to utilize them as ORBs.

References
2023-09-07SekoiaJamila B.
My Tea’s not cold. An overview of China’s cyber threat
Melofee PingPull SoWaT Sword2033 MgBot MQsTTang PlugX TONESHELL Dalbit MirrorFace
2021-11-25imp0rtp3 blogimp0rtp3
A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
SoWaT
2021-07-21Twitter (@billyleonard)Billy Leonard
Tweet on APT31 using a router implant.
SoWaT
2021-07-21Twitter (@bkMSFT)Ben Koehl
Tweet on an ANSSI report detailing APT31 intrusions in France
SoWaT APT31
2021-07-21CERT-FRANSSI
INDICATEURS DE COMPROMISSION DU CERT-FR
SoWaT APT31

There is no Yara-Signature yet.