ioc[.]one - OSINT Cyber Threat Intelligence Database

One year later: The VPNFilter catastrophe that wasn't

Tags

country:	Bulgaria France Russia Ukraine
attack-pattern:	Data Direct Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Network Devices - T1584.008 Network Topology - T1590.004 Software - T1592.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	5b2df4dd-a5ea-4823-a479-5e0f72835036
Fingerprint	b5a42d19c819f683
Analysis status	DONE
Considered CTI value	1
Text language
Published	May 23, 2019, 4:24 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Vulnerability Information
Title	One year later: The VPNFilter catastrophe that wasn't
Detected Hints/Tags/Attributes	93/2/32

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2019/05/one-year-later-vpnfilter-catastrophe.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	7	toknowall.com
Details	Domain	5	cyber.dhs.gov
Details	Domain	98	www.ncsc.gov.uk
Details	Domain	145	www.us-cert.gov
Details	Domain	111	www.justice.gov
Details	Domain	261	blog.talosintelligence.com
Details	Domain	360	attack.mitre.org
Details	Domain	39	ics-cert.us-cert.gov
Details	Domain	25	www.cyberthreatalliance.org
Details	Domain	14	ssu.gov.ua
Details	File	2	ar-16-20173.pdf
Details	File	6	vpnfilter.html
Details	File	7	korea-in-crosshairs.html
Details	File	1	rocke-champion-of-monero-miners.html
Details	File	1	steppe-2016-1229.pdf
Details	File	5	seaturtle.html
Details	Threat Actor Identifier - APT	783	APT28
Details	Url	2	https://cyber.dhs.gov/assets/report/ar-16-20173.pdf
Details	Url	1	https://www.ncsc.gov.uk/information/uk-internet-edge-router-devices-advisory
Details	Url	2	https://www.us-cert.gov/ncas/alerts/ta18-106a
Details	Url	1	https://www.justice.gov/opa/press-release/file/1066051/download
Details	Url	6	https://blog.talosintelligence.com/2018/05/vpnfilter.html
Details	Url	2	https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Details	Url	6	https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
Details	Url	1	https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html
Details	Url	13	https://attack.mitre.org/groups
Details	Url	1	https://www.us-cert.gov/sites/default/files/publications/jar_16-20296a_grizzly
Details	Url	1	https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed
Details	Url	3	https://ics-cert.us-cert.gov/alerts/ir-alert-h-16-056-01
Details	Url	1	https://www.cyberthreatalliance.org/information-sharing-action-cta-incident-review-vpnfilter
Details	Url	1	https://ssu.gov.ua/ua/news/1/category/21/view/4823#.xa4rx7cc.dpbs
Details	Url	4	https://blog.talosintelligence.com/2019/04/seaturtle.html