200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit

[silversurfer]

The botnet which was once a DoS-focused botnet targeting Windows, Linux, Android, and enterprise IoT devices created by the Outlaw group has recently been upgraded to also mine for Monero and to propagate using SSH brute-force attacks.

As initially discovered by the Trend Micro's Cyber Safety Solutions Team, this botnet was created by a Romanian threat group dubbed Outlaw which used the servers of a Japanese art institution and a Bangladeshi government website as command-and-control (C&C) servers.

The attacking bots who are part of the network will use a malicious tool named haiduc to scan for and attack systems vulnerable to the CVE-2017-1000117 command injection vulnerability.
Once it manages to compromise a host, the bot will automatically download a min.sh script which comes in two variants, each of them designed to use different attacks.

A full list of Indicators of Compromise (IOCs) is available on Trend Micro's TrendLabs Security Intelligence Blog.

Source: https://news.softpedia.com/news/200k-out...3888.shtml