In mid-November 2024, the Akamai SIRT discovered an uptick in activity targeting the URI /cgi-bin/cgi_main.cgi in our global network of honeypots. This activity appears to be part of a recent ongoing Mirai-based malware campaign dating back to at least October 2024. Further investigation into this campaign revealed a new botnet that calls itself the “Hail C*ck Botnet” that’s been active since at least September 2024. Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.
Author: AlienVault
Related Tags:
digiever
Mirai
IoT
T1583.005
T1110
TA0011
AlienVault OTX
AlienVault
Associated Indicators: