VPNFilter botnet: a SophosLabs analysis, part 2
Tags
| country: | China France Taiwan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Firmware - T1592.003 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | e2df0f08-fa1a-4f70-982a-b6a9f968780f |
| Fingerprint | a5a72a09ec3b2a8f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 27, 2018, 8:42 p.m. |
| Added to db | Jan. 18, 2023, 10:04 p.m. |
| Last updated | Nov. 18, 2024, 4:35 a.m. |
| Headline | VPNFilter botnet: a SophosLabs analysis, part 2 |
| Title | VPNFilter botnet: a SophosLabs analysis, part 2 |
| Detected Hints/Tags/Attributes | 48/3/13 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 2 | cve-2017-17033 |
|
| Details | Domain | 11 | ipify.org |
|
| Details | Domain | 130 | api.ipify.org |
|
| Details | Domain | 1 | api.ipify.com |
|
| Details | File | 2 | qsync.php |
|
| Details | IPv4 | 1 | 188.165.218.31 |
|
| Details | IPv4 | 5 | 217.12.202.40 |
|
| Details | IPv4 | 3 | 91.200.13.76 |
|
| Details | IPv4 | 4 | 91.121.109.209 |
|
| Details | IPv4 | 3 | 94.242.222.68 |
|
| Details | IPv4 | 1 | 50.19.229.252 |
|
| Details | IPv4 | 1 | 222.186.56.233 |
|
| Details | Url | 2 | http://api.ipify.org?format=json |