Absolutely routed!! Why routers are the new bullseye in cyber attacks
Common Information
Type Value
UUID df12ee6f-0884-4546-abd4-c343f6223895
Fingerprint 54eb6721a410664054be7d028669f8d8f9ffdd1fcb95f4f03b75ef27346447b9
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 12, 2019, 12:33 p.m.
Added to db April 18, 2024, 10:55 a.m.
Last updated Aug. 31, 2024, 1:16 a.m.
Headline Absolutely routed!! Why routers are the new bullseye in cyber attacks
Title Absolutely routed!! Why routers are the new bullseye in cyber attacks
Detected Hints/Tags/Attributes 147/3/73
Attributes
Details Type #Events CTI Value
Details CVE 27
cve-2018-14847
Details CVE 43
cve-2018-10561
Details CVE 10
cve-2019-1652
Details CVE 1
cve-2018-14874
Details CVE 18
cve-2019-1653
Details CVE 45
cve-2018-10562
Details File 14
user.dat
Details File 2
upd_browser.py
Details File 2
ups.py
Details File 1
upd_broswer.py
Details File 1
scheduler.dat
Details File 1
self_generator.htm
Details File 1
cate_handle2.htm
Details File 1
upnp.html
Details File 3
advisory.pdf
Details File 1
routeros_derbycon_2018.pdf
Details File 1
extract_user.py
Details File 1
cramfs.txt
Details Github username 1
0ki
Details Github username 46
rapid7
Details Github username 1
longld
Details Github username 4
tenable
Details Github username 1
bignerd95
Details Github username 1
0x27
Details Github username 5
refirmlabs
Details Github username 18
torvalds
Details IPv4 49
239.255.255.250
Details IPv4 5
1.4.2.15
Details IPv4 4
1.4.2.20