Necro Python Botnet Goes After Vulnerable VisualTools DVR | Official Juniper Networks Blogs
Common Information
Type Value
UUID a99ba18d-31a2-45bc-ae5c-2d7c37116e48
Fingerprint 398ba659ccc33481
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 11, 2021, 1 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 18, 2024, 8:27 a.m.
Headline Necro Python Botnet Goes After Vulnerable VisualTools DVR
Title Necro Python Botnet Goes After Vulnerable VisualTools DVR | Official Juniper Networks Blogs
Detected Hints/Tags/Attributes 52/1/38
Attributes
Type #Events CTI Value
CVE 2 cve-2020-15568
CVE 1 cve-2021-2900
CVE 1 cve-2020-25494
CVE 9 cve-2020-28188
CVE 6 cve-2019-12725
File 3 campaign.js
File 127 setup.py