Collecting and operationalizing threat data from the Mozi botnet — Elastic Security Labs
Tags
Common Information
Type | Value |
---|---|
UUID | 0ed64d08-6dbc-4335-91d1-8a47f74a25dd |
Fingerprint | b48d3b8049798203 |
Analysis status | DONE |
Considered CTI value | 1 |
Text language | |
Published | June 2, 2022, midnight |
Added to db | Nov. 19, 2023, 6:17 a.m. |
Last updated | Nov. 17, 2024, 7:44 p.m. |
Headline | Collecting and operationalizing threat data from the Mozi botnet |
Title | Collecting and operationalizing threat data from the Mozi botnet — Elastic Security Labs |
Detected Hints/Tags/Attributes | 78/3/46 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 306 | ✔ | Elastic Security Labs | https://www.elastic.co/security-labs/rss/feed.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 97 | | abuse.ch |
Details | Domain | 2 | | threatfox-api.abuse.ch |
Details | Domain | 96 | | malpedia.caad.fkie.fraunhofer.de |
Details | Domain | 93 | | bazaar.abuse.ch |
Details | Domain | 3 | | mb-api.abuse.ch |
Details | Domain | 4 | | dht.transmissionbt.com |
Details | Domain | 6 | | router.bittorrent.com |
Details | Domain | 5 | | router.utorrent.com |
Details | Domain | 4 | | bttracker.debian.org |
Details | Domain | 2 | | abc.abc.abc.abc |
Details | Domain | 39 | | xxx.xxx.xxx.xxx |
Details | Domain | 9 | | event.id |
Details | Domain | 2 | | threat.software |
Details | Domain | 2 | | threat.software.name |
Details | Domain | 3 | | collection.sh |
Details | Domain | 4127 | | github.com |
Details | Domain | 2 | | tactic.as |
Details | Domain | 11 | | threatfox.abuse.ch |
Details | Domain | 2 | | cujo.com |
Details | Domain | 2 | | vcodispot.com |
Details | Domain | 38 | | blog.netlab.360.com |
Details | Domain | 145 | | threatpost.com |
Details | Domain | 101 | | www.elastic.co |
Details | File | 2 | | 832fb4090879c1bebe75bea939a9c5724dbf87898febd425f94f7e03ee687d3b.raw |
Details | File | 8 | | upx.exe |
Details | File | 2 | | indicator.geo |
Details | File | 2 | | pipeline.json |
Details | File | 2 | | maps.html |
Details | File | 2 | | lens.html |
Details | Github username | 17 | | elastic |
Details | sha256 | 3 | | 832fb4090879c1bebe75bea939a9c5724dbf87898febd425f94f7e03ee687d3b |
Details | IPv4 | 619 | | 0.0.0.0 |
Details | Url | 2 | | https://threatfox-api.abuse.ch/api/v1 |
Details | Url | 3 | | https://mb-api.abuse.ch/api/v1 |
Details | Url | 2 | | https://github.com/elastic/examples |
Details | Url | 2 | | https://github.com/elastic/examples/tree/master/blog/mozin-about |
Details | Url | 2 | | https://threatfox.abuse.ch/browse |
Details | Url | 2 | | https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware |
Details | Url | 2 | | https://vcodispot.com/corrupted-upx-packed-elf-repair |
Details | Url | 2 | | https://blag.nullteilerfrei.de/2019/12/26/upx-packed-elf-binaries-of-the-peer-to-peer-botnet-family-mozi |
Details | Url | 2 | | https://blog.netlab.360.com/mozi-another-botnet-using-dht |
Details | Url | 2 | | https://threatpost.com/mozi-botnet-majority-iot-traffic/159337 |
Details | Url | 2 | | https://www.bleepingcomputer.com/news/security/new-mozi-p2p-botnet-takes-over-netgear-d-link-huawei-routers |
Details | Url | 2 | | https://www.elastic.co/guide/en/kibana/current/maps.html |
Details | Url | 2 | | https://www.elastic.co/guide/en/kibana/current/lens.html |
Details | Yara rule | 2 | | rule Mozi_Obfuscation_Technique (full rule reproduced below) |

Note on the auto-extracted attributes: the "Domain" entries abc.abc.abc.abc, xxx.xxx.xxx.xxx, event.id, threat.software, threat.software.name, collection.sh and tactic.as, the "File" entries indicator.geo, pipeline.json, maps.html and lens.html, and the IPv4 value 0.0.0.0 are placeholder addresses, Elastic Common Schema field names and file names picked up from the article text, not Mozi infrastructure; treat them as extraction noise rather than indicators. The BitTorrent DHT bootstrap hosts (dht.transmissionbt.com, router.bittorrent.com, router.utorrent.com, bttracker.debian.org) are public infrastructure that legitimate BitTorrent clients also contact, so they should not be blocked or alerted on in isolation.

The YARA rule, as published on the page:

```yara
rule Mozi_Obfuscation_Technique
{
    meta:
        author = "Elastic Security, Lars Wallenborn (@larsborn)"
        description = "Detects obfuscation technique used by Mozi botnet."
    strings:
        // "UPX!" magic, a 4-byte jump, then twelve zero bytes
        $a = { 55 50 58 21 [4] 00 00 00 00 00 00 00 00 00 00 00 00 }
    condition:
        all of them
}
```
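The following is an added example, not code from the Elastic article or from the aggregator that produced this page. It re-implements the hex string of the YARA rule above in Python so that the pattern can be exercised against constructed buffers without a YARA install, and it decodes the bytes the rule inspects. The reading of the bytes is this editor's own and is an assumption of the example: in the UPX stub header, "UPX!" is the l_magic field of the 12-byte l_info struct, the four wildcard bytes are l_lsize/l_version/l_format, and the twelve bytes that must be zero are the p_info struct (p_progid, p_filesize, p_blocksize). All sample buffers, field values and function names below are constructed for the example; none come from a real Mozi sample.

```python
import re
import struct

UPX_MAGIC = b"UPX!"

# Regex equivalent of the rule's hex string
#   55 50 58 21 [4] 00 00 00 00 00 00 00 00 00 00 00 00
# literal magic, exactly four wildcard bytes, twelve NUL bytes.
# DOTALL is required so that "." also matches 0x0a.
MOZI_PATTERN = re.compile(rb"UPX!.{4}\x00{12}", re.DOTALL)


def find_zeroed_upx_headers(data: bytes) -> list:
    """Offsets of every 'UPX!' magic followed by an all-zero 12-byte block (what the rule flags)."""
    return [m.start() for m in MOZI_PATTERN.finditer(data)]


def parse_p_info(data: bytes, magic_offset: int) -> dict:
    """Decode the p_info struct that follows a 'UPX!' l_magic at magic_offset.

    Assumed layout (UPX stub header, little-endian; an assumption of this example):
      l_magic(4) l_lsize(2) l_version(1) l_format(1)   <- the rule's 4 wildcard bytes
      p_progid(4) p_filesize(4) p_blocksize(4)         <- the 12 bytes the rule wants zero
    """
    p_progid, p_filesize, p_blocksize = struct.unpack_from("<III", data, magic_offset + 8)
    return {"p_progid": p_progid, "p_filesize": p_filesize, "p_blocksize": p_blocksize}


def build_l_and_p_info(p_filesize: int, p_blocksize: int, p_progid: int = 0) -> bytes:
    """Construct a synthetic 24-byte l_info + p_info pair for test data (not from a real sample)."""
    l_checksum = 0
    l_lsize, l_version, l_format = 0, 13, 0  # arbitrary plausible values
    return (struct.pack("<I", l_checksum) + UPX_MAGIC
            + struct.pack("<HBB", l_lsize, l_version, l_format)
            + struct.pack("<III", p_progid, p_filesize, p_blocksize))


# Constructed sample buffers: a 64-byte ELF-header-sized prefix, the UPX stub header
# (so "UPX!" lands at offset 68), then filler standing in for the compressed payload.
_PREFIX = b"\x7fELF" + b"\x00" * 60
_TAIL = b"\x90" * 32

# Ordinary UPX-packed file: p_info carries real sizes.
NORMAL_UPX_SAMPLE = _PREFIX + build_l_and_p_info(p_filesize=0x1000, p_blocksize=0x1000, p_progid=1) + _TAIL
# Mozi-style: p_progid, p_filesize and p_blocksize all zeroed, so stock unpackers reject it.
MOZI_STYLE_SAMPLE = _PREFIX + build_l_and_p_info(p_filesize=0, p_blocksize=0) + _TAIL
# p_progid is zero but the sizes are intact: must NOT match (the rule needs all twelve bytes zero).
PARTIAL_ZERO_SAMPLE = _PREFIX + build_l_and_p_info(p_filesize=0x2000, p_blocksize=0x1000, p_progid=0) + _TAIL


def classify(data: bytes) -> str:
    """Summarise a buffer the way the rule would: 'mozi-style', plain 'upx', or 'no-upx-magic'."""
    if find_zeroed_upx_headers(data):
        return "mozi-style"
    return "upx" if UPX_MAGIC in data else "no-upx-magic"


if __name__ == "__main__":
    for name, buf in (("normal", NORMAL_UPX_SAMPLE),
                      ("mozi", MOZI_STYLE_SAMPLE),
                      ("partial", PARTIAL_ZERO_SAMPLE)):
        hits = find_zeroed_upx_headers(buf)
        print(name, classify(buf), hits, [parse_p_info(buf, h) for h in hits])
```

The partial-zero case is the one worth keeping in mind when tuning: a packer that happens to write p_progid as zero while leaving the sizes intact is not flagged, which matches the rule's intent of catching a fully zeroed p_info rather than any zero in the header. Against a real file you would pass the file's bytes to `find_zeroed_upx_headers` and, for each hit, `parse_p_info` to confirm which fields were wiped before attempting a header repair.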