200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit
#1
Quote: The botnet, which was once a DoS-focused botnet targeting Windows, Linux, Android, and enterprise IoT devices created by the Outlaw group, has recently been upgraded to also mine for Monero and to propagate using SSH brute-force attacks.

As initially discovered by Trend Micro's Cyber Safety Solutions Team, this botnet was created by a Romanian threat group dubbed Outlaw, which used the servers of a Japanese art institution and a Bangladeshi government website as command-and-control (C&C) servers.

The attacking bots that are part of the network will use a malicious tool named haiduc to scan for and attack systems vulnerable to the CVE-2017-1000117 command injection vulnerability.
Once it manages to compromise a host, the bot will automatically download a min.sh script which comes in two variants, each of them designed to use different attacks.

A full list of Indicators of Compromise (IOCs) is available on Trend Micro's TrendLabs Security Intelligence Blog.

Source: https://news.softpedia.com/news/200k-out...3888.shtml