SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.vpnfilter (Back to overview)

VPNFilter

There is no description at this point.

References
2022-04-20CISACISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA)
@techreport{cisa:20220420:aa22110a:4fde5d6, author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and Government Communications Security Bureau and NCSC UK and National Crime Agency (NCA)}, title = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}}, date = {2022-04-20}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf}, language = {English}, urldate = {2022-04-25} } AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20CISACISA
@online{cisa:20220420:alert:529e28c, author = {CISA}, title = {{Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}}, date = {2022-04-20}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-110a}, language = {English}, urldate = {2022-04-25} } Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-03-31Sentinel LABSJuan Andrés Guerrero-Saade
@online{guerrerosaade:20220331:acidrain:723eb80, author = {Juan Andrés Guerrero-Saade}, title = {{AcidRain | A Modem Wiper Rains Down on Europe}}, date = {2022-03-31}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/}, language = {English}, urldate = {2022-03-31} } AcidRain | A Modem Wiper Rains Down on Europe
AcidRain VPNFilter
2022-02-25CyberPeace Institute
@online{institute:20220225:ukraine:eb66e34, author = {CyberPeace Institute}, title = {{UKRAINE: Timeline of Cyberattacks}}, date = {2022-02-25}, url = {https://cyberpeaceinstitute.org/ukraine-timeline-of-cyberattacks}, language = {English}, urldate = {2022-03-01} } UKRAINE: Timeline of Cyberattacks
VPNFilter EternalPetya HermeticWiper WhisperGate
2022-02-24Cisco TalosTalos
@online{talos:20220224:threat:cdf8dd3, author = {Talos}, title = {{Threat Advisory: Cyclops Blink}}, date = {2022-02-24}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/02/threat-advisory-cyclops-blink.html}, language = {English}, urldate = {2022-03-01} } Threat Advisory: Cyclops Blink
VPNFilter
2022-02-24TalosMitch Neff
@online{neff:20220224:threat:93f498c, author = {Mitch Neff}, title = {{Threat Advisory: Current executive guidance for ongoing cyberattacks in Ukraine}}, date = {2022-02-24}, organization = {Talos}, url = {https://blog.talosintelligence.com/2022/02/current-executive-guidance-for-ongoing.html}, language = {English}, urldate = {2022-03-01} } Threat Advisory: Current executive guidance for ongoing cyberattacks in Ukraine
VPNFilter EternalPetya
2022-02-24TesorionTESORION
@techreport{tesorion:20220224:report:e2f2082, author = {TESORION}, title = {{Report OSINT: Russia/ Ukraine Conflict Cyberaspect}}, date = {2022-02-24}, institution = {Tesorion}, url = {https://www.tesorion.nl/en/resources/pdfstore/Report-OSINT-Russia-Ukraine-Conflict-Cyberaspect.pdf}, language = {English}, urldate = {2022-03-01} } Report OSINT: Russia/ Ukraine Conflict Cyberaspect
Mirai VPNFilter BlackEnergy EternalPetya HermeticWiper Industroyer WhisperGate
2022-02-23NCSC UKNCSC UK
@online{uk:20220223:new:53a7c46, author = {NCSC UK}, title = {{New Sandworm malware Cyclops Blink replaces VPNFilter}}, date = {2022-02-23}, organization = {NCSC UK}, url = {https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter}, language = {English}, urldate = {2022-02-26} } New Sandworm malware Cyclops Blink replaces VPNFilter
VPNFilter
2022-02-23CISA, NCSC UK, FBI, NSA
@techreport{cisa:20220223:advisory:56f6379, author = {CISA and NCSC UK and FBI and NSA}, title = {{Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter}}, date = {2022-02-23}, institution = {}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-054A%20New%20Sandworm%20Malware%20Cyclops%20Blink%20Replaces%20VPN%20Filter.pdf}, language = {English}, urldate = {2022-02-26} } Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter
VPNFilter
2022-02-23CISACISA
@online{cisa:20220223:alert:3e2924e, author = {CISA}, title = {{Alert (AA22-054A) New Sandworm Malware Cyclops Blink Replaces VPNFilter}}, date = {2022-02-23}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-054a}, language = {English}, urldate = {2022-02-26} } Alert (AA22-054A) New Sandworm Malware Cyclops Blink Replaces VPNFilter
CyclopsBlink VPNFilter
2021-09-30laceworkLacework Labs
@online{labs:20210930:mirai:014ab03, author = {Lacework Labs}, title = {{Mirai goes Stealth – TLS & IoT Malware}}, date = {2021-09-30}, organization = {lacework}, url = {https://www.lacework.com/blog/mirai-goes-stealth-tls-iot-malware/}, language = {English}, urldate = {2021-10-11} } Mirai goes Stealth – TLS & IoT Malware
Mirai VPNFilter
2021-01-19Trend MicroStephen Hilt, Fernando Mercês
@online{hilt:20210119:vpnfilter:7d2a08a, author = {Stephen Hilt and Fernando Mercês}, title = {{VPNFilter Two Years Later: Routers Still Compromised}}, date = {2021-01-19}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/a/vpnfilter-two-years-later-routers-still-compromised-.html}, language = {English}, urldate = {2021-01-21} } VPNFilter Two Years Later: Routers Still Compromised
VPNFilter
2020-10-19UK GovernmentForeignCommonwealth & Development Office, Dominic Raab
@online{office:20201019:uk:7ead390, author = {ForeignCommonwealth & Development Office and Dominic Raab}, title = {{UK exposes series of Russian cyber attacks against Olympic and Paralympic Games}}, date = {2020-10-19}, organization = {UK Government}, url = {https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games}, language = {English}, urldate = {2020-10-23} } UK exposes series of Russian cyber attacks against Olympic and Paralympic Games
VPNFilter BlackEnergy EternalPetya Industroyer
2020-02-13QianxinQi Anxin Threat Intelligence Center
@techreport{center:20200213:report:146d333, author = {Qi Anxin Threat Intelligence Center}, title = {{APT Report 2019}}, date = {2020-02-13}, institution = {Qianxin}, url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf}, language = {English}, urldate = {2020-02-27} } APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2019-08-08BlackHatEric Doerr
@techreport{doerr:20190808:enemy:3962b21, author = {Eric Doerr}, title = {{The Enemy Within: Modern Supply Chain Attacks}}, date = {2019-08-08}, institution = {BlackHat}, url = {https://i.blackhat.com/USA-19/Thursday/us-19-Doerr-The-Enemy-Within-Modern-Supply-Chain-Attacks.pdf}, language = {English}, urldate = {2020-08-14} } The Enemy Within: Modern Supply Chain Attacks
VPNFilter
2019-08-05MicrosoftMSRC Team
@online{team:20190805:corporate:683c54a, author = {MSRC Team}, title = {{Corporate IoT – a path to intrusion (APT28/STRONTIUM)}}, date = {2019-08-05}, organization = {Microsoft}, url = {https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/}, language = {English}, urldate = {2020-08-14} } Corporate IoT – a path to intrusion (APT28/STRONTIUM)
VPNFilter
2019-05-23Cisco TalosMartin Lee
@online{lee:20190523:one:4d2b33e, author = {Martin Lee}, title = {{One year later: The VPNFilter catastrophe that wasn't}}, date = {2019-05-23}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/05/one-year-later-vpnfilter-catastrophe.html}, language = {English}, urldate = {2019-07-09} } One year later: The VPNFilter catastrophe that wasn't
VPNFilter
2018-09-26CiscoEdmund Brumaghin
@online{brumaghin:20180926:vpnfilter:343892a, author = {Edmund Brumaghin}, title = {{VPNFilter III: More Tools for the Swiss Army Knife of Malware}}, date = {2018-09-26}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2018/09/vpnfilter-part-3.html}, language = {English}, urldate = {2019-12-17} } VPNFilter III: More Tools for the Swiss Army Knife of Malware
VPNFilter
2018-07-13Trend MicroTony Yang, Peter Lee
@online{yang:20180713:vpnfilteraffected:a08c4ae, author = {Tony Yang and Peter Lee}, title = {{VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities}}, date = {2018-07-13}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/vpnfilter-affected-devices-still-riddled-with-19-vulnerabilities}, language = {English}, urldate = {2020-01-08} } VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
VPNFilter
2018-06-06Cisco TalosWilliam Largent
@online{largent:20180606:vpnfilter:157380d, author = {William Largent}, title = {{VPNFilter Update - VPNFilter exploits endpoints, targets new devices}}, date = {2018-06-06}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2018/06/vpnfilter-update.html?m=1}, language = {English}, urldate = {2019-12-10} } VPNFilter Update - VPNFilter exploits endpoints, targets new devices
VPNFilter
2018-05-24Kaspersky LabsGReAT
@online{great:20180524:vpnfilter:cb1c89f, author = {GReAT}, title = {{VPNFilter EXIF to C2 mechanism analysed}}, date = {2018-05-24}, organization = {Kaspersky Labs}, url = {https://securelist.com/vpnfilter-exif-to-c2-mechanism-analysed/85721/}, language = {English}, urldate = {2019-12-20} } VPNFilter EXIF to C2 mechanism analysed
VPNFilter
2018-05-23Cisco TalosCisco Talos
@online{talos:20180523:new:2de509f, author = {Cisco Talos}, title = {{New VPNFilter malware targets at least 500K networking devices worldwide}}, date = {2018-05-23}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2018/05/VPNFilter.html}, language = {English}, urldate = {2020-01-08} } New VPNFilter malware targets at least 500K networking devices worldwide
VPNFilter
2018-05-23SymantecSymantec Security Response Team
@online{team:20180523:vpnfilter:1e6942e, author = {Symantec Security Response Team}, title = {{VPNFilter: New Router Malware with Destructive Capabilities}}, date = {2018-05-23}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware}, language = {English}, urldate = {2019-12-17} } VPNFilter: New Router Malware with Destructive Capabilities
VPNFilter
2018-05-23Department of JusticeOffice of Public Affairs
@online{affairs:20180523:justice:806d785, author = {Office of Public Affairs}, title = {{Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices}}, date = {2018-05-23}, organization = {Department of Justice}, url = {https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected}, language = {English}, urldate = {2020-01-06} } Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices
VPNFilter APT28
2018-05SophosSergei Shevchenko
@online{shevchenko:201805:vpnfilter:d6268ae, author = {Sergei Shevchenko}, title = {{VPNFilter Botnet - a SophosLabs Analysis}}, date = {2018-05}, organization = {Sophos}, url = {https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-VPN-Filter-analysis-v2.pdf?la=en}, language = {English}, urldate = {2019-07-09} } VPNFilter Botnet - a SophosLabs Analysis
VPNFilter

There is no Yara-Signature yet.