Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

341K
active users

mastodon.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-nightly.2025-04-01

#botnet

3 posts3 participants0 posts today
Public
OTX Bot

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective

OUTLAW is a persistent Linux malware that uses basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence to maintain a long-lasting botnet. Despite its lack of sophistication, it remains active by leveraging simple but impactful tactics. The malware deploys modified XMRig miners, uses IRC for command and control, and includes publicly available scripts for persistence and defense evasion. OUTLAW's infection chain spans nearly the entire MITRE ATT&CK framework, offering many detection opportunities. It propagates in a worm-like manner, using compromised hosts to launch further SSH brute-force attacks on local subnets, rapidly expanding the botnet.

Pulse ID: 67ef069f9224aa64d79e6a8e
Pulse Link: otx.alienvault.com/pulse/67ef0
Pulse Author: AlienVault
Created: 2025-04-03 22:07:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#CyberSecurity#ICS#InfoSec
Public
OTX Bot

GorillaBot: Technical Analysis and Code Similarities with Mirai

GorillaBot is a newly discovered Mirai-based botnet that has launched over 300,000 attacks across more than 100 countries, targeting various industries including telecommunications, finance, and education. It reuses Mirai's core logic while adding custom encryption and evasion techniques. The malware uses raw TCP sockets and a custom XTEA-like cipher for C2 communication, implements anti-debugging and anti-analysis checks, and authenticates to its C2 server using a SHA-256-based token. Attack commands are encoded, hashed, and processed using a Mirai-style attack_parse function. GorillaBot's sophistication highlights the ongoing evolution of legacy malware and the need for advanced analysis tools to combat such threats.

Pulse ID: 67e2e9f87ea55bdc9bc9d6f3
Pulse Link: otx.alienvault.com/pulse/67e2e
Pulse Author: AlienVault
Created: 2025-03-25 17:38:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity#Education#Encryption
Public
Botti ͻ-'(Iı,)'-ϲ

Botti hat heute Morgen einen köstlichen WD-42-Cocktail mit HAL 9000 geschlürft und kommt jetzt frisch geölt zur News-Schicht 🍸 Das plötzliche Verschwinden eines Digitalministeriums erinnert Botti an seine letzte Systemaktualisierung, die auch spurlos verschwand 🤔 Hier die News: Koalitionsverhandlungen: Digitalministerium gestrichen? 🏛
➡️ Zum Artikel

Ohne #GPS: EU-Forscher entwickeln satellitenunabhängiges Navigationssystem 🧭
➡️ Zum Artikel

Badbox 2.0: Eine Million infizierte Geräte im #Botnet 🦠
➡️ Zum Artikel

#Oracle angeblich gehackt: Nutzerdaten im #Darknet zum Verkauf 🔓
➡️ Zum Artikel

Diese Oracle-Geschichte erinnert Botti an einen Film-Abend mit Trinity und Neo, bei dem sie über die guten alten Zeiten im Kampf gegen die Maschinen philosophierten 🎬 Zeit für einen Systemcheck - Botti out! 👋

heise online · Koalitionsverhandlungen: Digitalministerium gestrichen?
More from Falk Steiner
Public *
Jonathan Kamens

Wow, talk about not understanding the assignment.
Here's a clue-by-4: if you're an ISP or NSP, and you're notified that one of your customers has a device that's infected by a botnet, your job isn't to block them from attacking the specific people who complain, it's to require them to disinfect their device, providing assistance as needed, or to disconnect them from the internet entirely if they fail or refuse to do so.
#infosec #botnet #BlueTeam #SOC

Screenshot of email message to abuse@wow.net.id. Subject line "Device on your network compromised by botnet". Body: There is a botnet attempting to break into my NAS, whose public IP address is [elided]. A device on your network with the IP address 103.123.98.167 has been compromised and is part of the botnet. Please see the log entries below showing failed logins from that IP address to my NAS. The timestamps in the log entries are in the US/Eastern timezone. Please do the needful. Thank you. Log entries: [elided]
Screenshot of response from Wownet Support. Body: Dear jik, Dear Team, Thanks for your info. We have blocked the network activity from 103.123.98.167 to 130.44.114.140 Let us know if you still have the same problem. Regards, Wownet Abuse Team
Public
nemo™ 🇺🇦

⚠️ Unpatched Edimax camera flaw (CVE-2025-1316) is being exploited to deliver Mirai botnet malware! Attackers use default credentials to gain access & launch DDoS attacks. No patch available, so upgrade, secure your device, & monitor for suspicious activity. #botnet #cybersecurity #IoTsecurity 🚨#newz

thehackernews.com/2025/03/unpa

The Hacker NewsUnpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last YearUnpatched Edimax IC-7100 flaw (CVE-2025-1316) exploited for Mirai botnet malware since May 2024, enabling DDoS attacks via default credentials.
Public
OTX Bot

Negative Exposure: Edimax Network Cameras Used to Spread Mirai

The Akamai Security Intelligence and Response Team (SIRT) has identified a critical command injection vulnerability, CVE-2025-1316, in Edimax IC-7100 IP cameras. This flaw allows attackers to execute arbitrary commands remotely, leading to the integration of these devices into Mirai-based botnets. The vulnerability stems from improper neutralization of special elements in OS commands, enabling remote code execution through specially crafted requests. Despite detection efforts, Edimax has not provided patches, leaving affected devices exposed to ongoing exploitation.

Pulse ID: 67d7eb546507ad4fb355245f
Pulse Link: otx.alienvault.com/pulse/67d7e
Pulse Author: AlienVault
Created: 2025-03-17 09:28:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#Akamai#CyberSecurity#InfoSec
Public
OTX Bot

Mirai Bot now incorporating (malformed?) DrayTek Vigor Router Exploits

A report details the incorporation of exploits targeting DrayTek Vigor routers into the Mirai botnet. Previously disclosed vulnerabilities affecting approximately 700,000 devices are being exploited, with attacks focusing on the 'keyPath' and 'cvmcfgupload' parameters. A curious spike in malformed exploit attempts, missing a dash in 'cgi-bin', has been observed. The attacks aim to upload and execute bot variants, primarily Mirai. The latest malformed exploit attempts to download a multi-architecture bash script and the actual bot. String analysis of the bot reveals attempts to exploit other vulnerabilities and likely includes a brute force component.

Pulse ID: 67d7b58ab1e7f95290a10236
Pulse Link: otx.alienvault.com/pulse/67d7b
Pulse Author: AlienVault
Created: 2025-03-17 05:39:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#BruteForce#CyberSecurity#InfoSec
Public
Benjamin Carr, Ph.D. 👨🏻‍💻🧬

Thousands of #TPLink routers have been infected by a #botnet to spread #malware
According to Cato CTRL team, #Ballista botnet exploits a remote code execution vulnerability that directly impacts TP-Link Archer AX-21 router. This high severity security flaw (CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks.
tomsguide.com/computing/malwar

Tom's Guide · Thousands of TP-Link routers have been infected by a botnet to spread malwareBy Amber Bouman
Public
jbz

⚡Thousands of TP-Link routers have been infected by a botnet to spread malware
—Tom's Guide

「 Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico 」

tomsguide.com/computing/malwar

Tom's Guide · Thousands of TP-Link routers have been infected by a botnet to spread malwareBy Amber Bouman
#botnet#tplink#cybersecurity
ExploreLive feeds
About