ioc[.]one - OSINT Cyber Threat Intelligence Database

Mirai Botnet Attack IoT Devices via CVE-2020-5902

Tags

country:	Aruba
maec-delivery-vectors:	Watering Hole
attack-pattern:	Direct Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Cron - T1053.003 Exploits - T1587.004 Exploits - T1588.005 Firmware - T1592.003 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	9ca149d3-d449-4697-bd38-60ce640eb58f
Fingerprint	b6641914ec333783
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 28, 2020, midnight
Added to db	Oct. 15, 2024, 5:34 p.m.
Last updated	Nov. 12, 2024, 11:53 a.m.
Headline	Mirai Botnet Attack IoT Devices via CVE-2020-5902
Title	Mirai Botnet Attack IoT Devices via CVE-2020-5902
Detected Hints/Tags/Attributes	56/3/30

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_ca/research/20/g/mirai-botnet-attack-iot-devices-via-cve-2020-5902.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	CVE	77	cve-2020-5902
Details	CVE	2	cve-2020-1956
Details	CVE	2	cve-2020-7115
Details	CVE	8	cve-2020-10173
Details	CVE	3	cve-2020-7209
Details	CVE	11	cve-2020-10987
Details	CVE	1	cve-2020-10204
Details	Domain	49	trojan.sh
Details	Domain	2	fetch.sh
Details	File	2	tmshcmd.jsp
Details	sha256	1	acb930a41abdc4b055e2e3806aad85068be8d85e0e0610be35e784bfd7cf5b0e
Details	sha256	1	037859323285e0bbbc054f43b642c48f2826924149cb1c494cbbf1fc8707f942
Details	sha256	1	55c4675a84c1ee40e67209dfde25a5d1c1979454ec2120047026d94f64d57744
Details	sha256	1	03254e6240c35f7d787ca5175ffc36818185e62bdfc4d88d5b342451a747156d
Details	sha256	1	204cbad52dde24ab3df41c58021d8039910bf7ea07645e70780c2dbd66f7e90b
Details	sha256	1	3f8e65988b8e2909f0ea5605f655348efb87565566808c29d136001239b7dfa9
Details	sha256	1	15b2ee07246684f93b996b41578ff32332f4f2a60ef3626df9dc740405e45751
Details	sha256	1	0ca27c002e3f905dddf9083c9b2f8b3c0ba8fb0976c6a06180f623c6acc6d8ca
Details	sha256	1	ecc1e3f8332de94d830ed97cd07867b90a405bc9cc1b8deccec51badb4a2707c
Details	sha256	1	e71aca778ea1753973b23e6aa29d1445f93dc15e531c706b6165502d6cf0bfa4
Details	IPv4	2	79.124.8.24
Details	IPv4	3	78.142.18.20
Details	IPv4	3	15.1.0.3
Details	IPv4	3	14.1.2.5
Details	IPv4	3	13.1.3.3
Details	IPv4	3	12.1.5.1
Details	IPv4	3	11.6.5.1
Details	Url	1	http://79.124.8.24/bins
Details	Url	1	http://78.142.18.20
Details	Url	1	http://79.124.8.24/bins/sora.