mirai (5)

Palo Alto Networks’ Unit 42 researchers have reported the emergence of a new Mirai botnet variant called MooBot.  This variant is looking for unpatched D-Link devices to create its army of DDoS (distributed denial of service) bots.  MooBot uses multiple exploits to compromise vulnerable D-Link routers.

Re-Emergence of Notorious MooBot:  The MooBot botnet was first discovered by Qihoo 360’s Netlab in Sep 2019, whereas the most recent wave of attacks involving MooBot, before the one detected b

FortiGuard Labs researchers have been tracking a quickly evolving IoT malware family known as “RapperBot” since mid-June 2022.  This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai.  In addition, recent samples show that its developers have started adding code to maintain persistence, which is rarely done

Activity Summary - Week Ending 2 July 2021:

  • Red Sky Alliance identified 19,270 connections from new unique IP addresses
  • Analysts identified 2,543 new IP addresses participating in various Botnets
  • 13 unique email accounts compromised with keyloggers were observed
  • Netfilter
  • PJobRAT Spyware
  • Mirai Knockoffs
  • Salvation Army Hit
  • Conti & Canada
  • DragonForce / Israeli Banking
  • Fancy Lazarus attempts an attack on German Banks - Denied

Link to full report: IR-21-183-001_weekly_183_FINAL.pdf


Cybercriminals had a busy year in 2020, with rapidly increasing numbers of distributed denial of service (DDoS) weapons, widespread botnet activity, and some of the largest DDoS attacks ever recorded. As COVID-19 drove an urgent shift online for everything from education and healthcare to consumer shopping and office work, hackers had more targets available than ever -- many of them underprotected due to the difficulty of maintaining security best practices in an emergency scenario.

At the sam


Mirai is a self-propagating malware that infects networked devices and turns them into remotely controlled bots.  Targets include devices in the Internet of Things (IoT) such as IP cameras and home routers, and access is achieved either with software exploits or via authentication with factory default credentials. Mirai is frequently updated to include new exploits, making it difficult to mitigate.

This report provides cluster trending on infrastructure over the past several weeks from this repor