Thursday, November 30, 2023

InfectedSlurs Botnet Spreads Mirai via Zero-Days

The InfectedSlurs Botnet, which leverages the Mirai malware, is a sophisticated cyber threat recently identified by the Akamai Security Incident Response Team (SIRT). This botnet has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and Network Video Recorders (NVRs). The main goal of this botnet is to build a distributed denial-of-service (DDoS) botnet.

Key aspects of the InfectedSlurs Botnet include:

Exploitation of Zero-Day Vulnerabilities: InfectedSlurs has been using two zero-day RCE vulnerabilities to infiltrate and infect devices. These vulnerabilities are unpatched, making them particularly effective for malicious purposes.

Deployment of Mirai Malware: The botnet deploys the popular Mirai malware, known for its role in large-scale DDoS attacks. Mirai is notorious for exploiting insecure IoT devices and forming them into a botnet to launch DDoS attacks.

Monitoring Campaign: Akamai SIRT has been monitoring this botnet since late 2022 through custom-built honeypots. They have observed increased activity targeting a rarely used TCP port, indicating a strategic approach to finding vulnerable systems.

JenX Mirai Variant: InfectedSlurs is identified as a variant of the JenX Mirai malware, which first came to light in January 2018. The botnet has been codenamed 'InfectedSlurs' due to the use of racial and offensive language in its command-and-control (C2) servers and hard-coded strings.

Undisclosed Perpetrators: The perpetrators behind these attacks have not yet been identified. This anonymity adds to the threat's complexity, as it hampers efforts to track and mitigate the botnet's spread.

This botnet's activities highlight the ongoing risk posed by zero-day vulnerabilities and the importance of securing IoT devices against such attacks. The use of Mirai and its variants in these attacks underlines the continued relevance of this malware family in the cyber threat landscape.

IoC

DOMAIN



TAGS

mirai, infectedslurs, jenx, hailbot
