ViciousTrap

Also known as: ViciousTrap

Profile

ViciousTrap has compromised over 5,500 edge devices, transforming them into honeypots and using a shell script called NetGhost to redirect incoming traffic from specific ports to its own infrastructure. The actor has targeted various end-of-life (EOL) devices, including ASUS routers, Linksys LRT224, and Araknis Networks AN-300-RT-4L2W VPN routers. Observations indicate attempts to deploy a web shell to execute the redirection script, although authorship of the web shell has not been attributed to ViciousTrap. ViciousTrap's overall objectives remain unclear, but its activity suggests a honeypot-style network aimed at intercepting network flows.

Aliases

ViciousTrap

References

  1. https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: EvilTraffic
Actor: UAT-8616
Actor: Larva-24010
Software: VPNFilter
Actor: UAT-9921
Actor: GhostRedirector

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.