Researchers have discovered seven more modules for the Russian malware VPNFilter. When the malware was first discovered, researchers were immediately aware of two modules built into it: a packet sniffer and a module that enabled communication with C&C servers over the Tor network. Continued dissection of the malware has led to further discoveries. The seven additional modules significantly increase the potential damage from the malware. They are:
htpx – Redirects and inspects unsecured web traffic
nbdr – Multi-functional SSH utility
nm – Conducts network mapping from infected devices
netfilter – Denial of Service tool
portforwarding – Forwards network traffic to attacker-controlled servers
socks5proxy – Enables the establishment of a SOCKS5 proxy
tcpvpn – Enables the establishment of a reverse TCP VPN (similar to Cobalt Strike’s VPN Pivoting)