home.social

#moobot — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #moobot, aggregated by home.social.

  1. Nice #MooBot botnet

    Botnet C2 domain:
    🔥 putin.zelenskyj .ru

    Pointing to:
    45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪)

    DNS resolution provided by Cloudflare 🔎

    Payload URLs:
    🌐 urlhaus.abuse.ch/host/45.88.90

    Payload:
    📄 bazaar.abuse.ch/sample/21f1caa

  2. Fortinet warns that multiple botnets continue exploiting CVE-2023-1389 (8.8 high, disclosed 15 March 2023, added to CISA's KEV Catalog 01 May 2023) TP-Link command injection for wide-scale spread. Botnets include Moobot, Miroi, the Golang-based agent “AGoent,” and the Gafgyt Variant. The blog post explores their infection traffic patterns and offer insights into these botnets. 🔗 fortinet.com/blog/threat-resea

    #CVE_2023_1389 #TPLink #eitw #activeexploitation #botnet #moobot #miroi #agoent #mirai #gafgyt #threatintel #IOC

  3. Fortinet warns that multiple botnets continue exploiting CVE-2023-1389 (8.8 high, disclosed 15 March 2023, added to CISA's KEV Catalog 01 May 2023) TP-Link command injection for wide-scale spread. Botnets include Moobot, Miroi, the Golang-based agent “AGoent,” and the Gafgyt Variant. The blog post explores their infection traffic patterns and offer insights into these botnets. 🔗 fortinet.com/blog/threat-resea

    #CVE_2023_1389 #TPLink #eitw #activeexploitation #botnet #moobot #miroi #agoent #mirai #gafgyt #threatintel #IOC

  4. Fortinet warns that multiple botnets continue exploiting CVE-2023-1389 (8.8 high, disclosed 15 March 2023, added to CISA's KEV Catalog 01 May 2023) TP-Link command injection for wide-scale spread. Botnets include Moobot, Miroi, the Golang-based agent “AGoent,” and the Gafgyt Variant. The blog post explores their infection traffic patterns and offer insights into these botnets. 🔗 fortinet.com/blog/threat-resea

    #CVE_2023_1389 #TPLink #eitw #activeexploitation #botnet #moobot #miroi #agoent #mirai #gafgyt #threatintel #IOC

  5. Fortinet warns that multiple botnets continue exploiting CVE-2023-1389 (8.8 high, disclosed 15 March 2023, added to CISA's KEV Catalog 01 May 2023) TP-Link command injection for wide-scale spread. Botnets include Moobot, Miroi, the Golang-based agent “AGoent,” and the Gafgyt Variant. The blog post explores their infection traffic patterns and offer insights into these botnets. 🔗 fortinet.com/blog/threat-resea

    #CVE_2023_1389 #TPLink #eitw #activeexploitation #botnet #moobot #miroi #agoent #mirai #gafgyt #threatintel #IOC

  6. Fortinet warns that multiple botnets continue exploiting CVE-2023-1389 (8.8 high, disclosed 15 March 2023, added to CISA's KEV Catalog 01 May 2023) TP-Link command injection for wide-scale spread. Botnets include Moobot, Miroi, the Golang-based agent “AGoent,” and the Gafgyt Variant. The blog post explores their infection traffic patterns and offer insights into these botnets. 🔗 fortinet.com/blog/threat-resea

    #CVE_2023_1389 #TPLink #eitw #activeexploitation #botnet #moobot #miroi #agoent #mirai #gafgyt #threatintel #IOC

  7. #Russian hackers hijack #Ubiquiti routers to launch stealthy attacks
    "#EdgeRouters are often shipped with default credentials and limited to no firewall protections to accommodate wireless internet service providers (#WISP)," the joint advisory warns. "Additionally, EdgeRouters do not automatically update firmware unless a consumer configures them to do so."
    #FBI disrupted a #botnet of EdgeRouters infected with #Moobot #malware by #cybercriminals not linked with #APT28
    bleepingcomputer.com/news/secu

  8. Ermittlungserfolg gegen #Cyberkriminalität: Sicherheitsbehörden von Bund und Ländern haben unter Koordination von Bundeskriminalamt und Bundesverfassungsschutz und in Kooperation mit dem FBI das weltweite Botnetz #Moobot. Es wurde u.a. von der russischen Gruppierung APT28 genutzt.

    Mehr Informationen: tagesschau.de/inland/innenpoli

  9. #FBI Dismantles #Ubiquiti Router Botnet Controlled by #Russia
    “Non-GRU cybercriminals installed the Moobot malware on Ubiquiti #EdgeOS routers that still used publicly known default administrator #passwords. #GRU hackers then used the #Moobot #malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber #espionage platform,” agency said
    securityweek.com/fbi-dismantle #ForestBlizzard #Sofacy #FancyBear #APT28

    Please patch and change #defaultpasswords

  10. #FBI Dismantles #Ubiquiti Router Botnet Controlled by #Russia
    “Non-GRU cybercriminals installed the Moobot malware on Ubiquiti #EdgeOS routers that still used publicly known default administrator #passwords. #GRU hackers then used the #Moobot #malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber #espionage platform,” agency said
    securityweek.com/fbi-dismantle #ForestBlizzard #Sofacy #FancyBear #APT28

    Please patch and change #defaultpasswords

  11. Dismantles Router Botnet Controlled by
    “Non-GRU cybercriminals installed the Moobot malware on Ubiquiti routers that still used publicly known default administrator . hackers then used the to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber platform,” agency said
    securityweek.com/fbi-dismantle

    Please patch and change

  12. #FBI Dismantles #Ubiquiti Router Botnet Controlled by #Russia
    “Non-GRU cybercriminals installed the Moobot malware on Ubiquiti #EdgeOS routers that still used publicly known default administrator #passwords. #GRU hackers then used the #Moobot #malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber #espionage platform,” agency said
    securityweek.com/fbi-dismantle #ForestBlizzard #Sofacy #FancyBear #APT28

    Please patch and change #defaultpasswords

  13. #FBI Dismantles #Ubiquiti Router Botnet Controlled by #Russia
    “Non-GRU cybercriminals installed the Moobot malware on Ubiquiti #EdgeOS routers that still used publicly known default administrator #passwords. #GRU hackers then used the #Moobot #malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber #espionage platform,” agency said
    securityweek.com/fbi-dismantle #ForestBlizzard #Sofacy #FancyBear #APT28

    Please patch and change #defaultpasswords

  14. Hikvision video systems have become the targets of hackers in an attempt to conduct a cyberattack that has the role to drop a #DDoS botnet. The #botnet under discussion is dubbed #Moobot, being a #Mirai-based one. #vuln #cyber #threats #informatique

    heimdalsecurity.com/blog/moobo