MooBot on the run using another 0 day targeting UNIX CCTV DVR
Tags
| country: | Australia Malaysia Canada Switzerland China Netherlands Germany Japan Romania United States Of America |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Botnet - T1583.005 Botnet - T1584.005 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | c6b672aa-1692-4406-8e98-fa398a4c941b |
| Fingerprint | 3d895d112a65ea89 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 20, 2020, midnight |
| Added to db | Sept. 11, 2022, 12:43 p.m. |
| Last updated | Nov. 17, 2024, 5:54 p.m. |
| Headline | MooBot on the run using another 0 day targeting UNIX CCTV DVR |
| Title | MooBot on the run using another 0 day targeting UNIX CCTV DVR |
| Detected Hints/Tags/Attributes | 63/3/131 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.netlab.360.com/moobot-0day-unixcctv-dvr-en/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 1 | AS47540 |
|
| Details | Autonomous System Number | 4 | AS43350 |
|
| Details | Autonomous System Number | 1 | AS62355 |
|
| Details | Autonomous System Number | 2 | AS44066 |
|
| Details | Autonomous System Number | 4 | AS202425 |
|
| Details | Autonomous System Number | 1 | AS199524 |
|
| Details | Domain | 38 | blog.netlab.360.com |
|
| Details | Domain | 6 | time.nist.gov |
|
| Details | Domain | 1 | ol6zbnlduigehodu.onion |
|
| Details | Domain | 1 | uajl7qmdquxaramd.onion |
|
| Details | Domain | 1 | nhez3ihtwxwthjkm.onion |
|
| Details | Domain | 1 | electrum.hodlister.co |
|
| Details | Domain | 1 | djq6cvwigo7l7q62.onion |
|
| Details | Domain | 1 | dl3ochoifo77lsak.onion |
|
| Details | Domain | 1 | krjn77m6demafp77.onion |
|
| Details | Domain | 1 | mvo4y3vr7xuxhwcf.onion |
|
| Details | Domain | 1 | stmptmmm27tco3oh.onion |
|
| Details | Domain | 1 | tto6kqp6nsto5din.onion |
|
| Details | Domain | 1 | wsvo6jwd3spsb4us.onion |
|
| Details | Domain | 1 | ape.run |
|
| Details | Domain | 1 | uglykr.xyz |
|
| Details | Domain | 1 | kreb.xyz |
|
| Details | Domain | 1 | osrq.xyz |
|
| Details | md5 | 1 | af3720d0141d246bd3ede434f7a14dcb |
|
| Details | md5 | 1 | fb96c74e0548bd41621ea0dd98e8b2bb |
|
| Details | md5 | 1 | 022081bc7f49b4aa5c4b36982390cd97 |
|
| Details | md5 | 1 | 05764c4d5ec37575d5fd3efe95cf3458 |
|
| Details | md5 | 1 | 260bda811c00dac88b4f5a35e9939760 |
|
| Details | md5 | 1 | 30416eae1f1922b28d93be8078b25ba0 |
|
| Details | md5 | 1 | 348acf45ccb313f6c5d34ca5f68f5e13 |
|
| Details | md5 | 1 | 3e9ae33e0d5c36f7cd5f576233d83f26 |
|
| Details | md5 | 1 | 4d785886039cbca5372068377f72da43 |
|
| Details | md5 | 1 | 565c0456c7fbb393ec483c648155b119 |
|
| Details | md5 | 1 | 655b56b345799f99b614e23128942b92 |
|
| Details | md5 | 1 | 7735289d33d14644fea27add188093ea |
|
| Details | md5 | 1 | 7988a73a4b5ccb7ca9b98dc633b8c0c6 |
|
| Details | md5 | 1 | b2c66c2831173b1117467fdabc78241e |
|
| Details | md5 | 1 | bb27f755238528fc3c6386287a5c74a7 |
|
| Details | md5 | 1 | bff215a95f088672ad13933a1de70861 |
|
| Details | md5 | 1 | cb428a513275b5e969353596deb7383d |
|
| Details | md5 | 1 | cf3602498c49caa902d87579fd420098 |
|
| Details | md5 | 1 | e24dc070a4d90a7b01389de9f2805b2b |
|
| Details | md5 | 1 | fe0488ec71ee04ddb47792cae199595b |
|
| Details | IPv4 | 1 | 205.185.116.68 |
|
| Details | IPv4 | 1 | 1.26.150.133 |
|
| Details | IPv4 | 1 | 104.45.52.37 |
|
| Details | IPv4 | 1 | 107.21.38.230 |
|
| Details | IPv4 | 1 | 12.11.175.187 |
|
| Details | IPv4 | 3 | 128.199.45.26 |
|
| Details | IPv4 | 1 | 13.50.100.110 |
|
| Details | IPv4 | 1 | 136.243.69.28 |
|
| Details | IPv4 | 1 | 138.68.107.137 |
|
| Details | IPv4 | 1 | 158.69.33.149 |
|
| Details | IPv4 | 1 | 165.22.117.234 |
|
| Details | IPv4 | 1 | 173.212.249.65 |
|
| Details | IPv4 | 1 | 185.242.114.206 |
|
| Details | IPv4 | 1 | 193.29.187.226 |
|
| Details | IPv4 | 1 | 193.70.77.132 |
|
| Details | IPv4 | 1 | 20.188.45.175 |
|
| Details | IPv4 | 1 | 3.8.5.177 |
|
| Details | IPv4 | 1 | 31.6.69.162 |
|
| Details | IPv4 | 1 | 35.153.180.187 |
|
| Details | IPv4 | 1 | 35.158.231.234 |
|
| Details | IPv4 | 1 | 4.21.119.186 |
|
| Details | IPv4 | 1 | 45.137.22.80 |
|
| Details | IPv4 | 1 | 45.14.148.239 |
|
| Details | IPv4 | 1 | 46.101.216.75 |
|
| Details | IPv4 | 1 | 5.138.113.101 |
|
| Details | IPv4 | 1 | 5.252.225.249 |
|
| Details | IPv4 | 1 | 51.11.247.88 |
|
| Details | IPv4 | 1 | 51.15.239.174 |
|
| Details | IPv4 | 1 | 51.75.144.59 |
|
| Details | IPv4 | 1 | 51.77.148.172 |
|
| Details | IPv4 | 1 | 62.149.14.80 |
|
| Details | IPv4 | 1 | 79.130.136.67 |
|
| Details | IPv4 | 1 | 80.241.212.116 |
|
| Details | IPv4 | 1 | 82.146.61.193 |
|
| Details | IPv4 | 1 | 82.230.81.131 |
|
| Details | IPv4 | 1 | 86.177.24.148 |
|
| Details | IPv4 | 1 | 89.163.146.187 |
|
| Details | IPv4 | 1 | 89.217.41.145 |
|
| Details | IPv4 | 1 | 9.43.47.135 |
|
| Details | IPv4 | 1 | 9.43.47.39 |
|
| Details | IPv4 | 1 | 90.93.30.29 |
|
| Details | IPv4 | 1 | 91.228.218.66 |
|
| Details | IPv4 | 1 | 92.222.76.104 |
|
| Details | IPv4 | 1 | 92.29.22.186 |
|
| Details | IPv4 | 1 | 93.104.211.123 |
|
| Details | IPv4 | 1 | 94.100.28.172 |
|
| Details | IPv4 | 1 | 104.244.78.131 |
|
| Details | IPv4 | 1 | 107.189.10.28 |
|
| Details | IPv4 | 1 | 141.164.63.40 |
|
| Details | IPv4 | 1 | 172.104.105.205 |
|
| Details | IPv4 | 1 | 185.216.140.70 |
|
| Details | IPv4 | 1 | 185.39.11.84 |
|
| Details | IPv4 | 1 | 89.248.174.166 |
|
| Details | IPv4 | 1 | 92.223.73.55 |
|
| Details | IPv4 | 1 | 176.126.175.10 |
|
| Details | IPv4 | 1 | 176.126.175.8 |
|
| Details | IPv4 | 1 | 185.107.80.202 |
|
| Details | IPv4 | 1 | 185.107.80.203 |
|
| Details | IPv4 | 1 | 185.107.80.34 |
|
| Details | IPv4 | 1 | 185.107.80.62 |
|
| Details | IPv4 | 1 | 212.224.124.178 |
|
| Details | IPv4 | 1 | 89.248.174.165 |
|
| Details | IPv4 | 1 | 89.248.174.203 |
|
| Details | IPv4 | 1 | 92.223.73.136 |
|
| Details | IPv4 | 1 | 92.223.73.54 |
|
| Details | IPv4 | 1 | 92.223.73.72 |
|
| Details | Url | 1 | https://blog.netlab.360.com/the-botnet-cluster-on-185-244-25-0-24-en |
|
| Details | Url | 1 | https://blog.netlab.360.com/ddos-botnet-moobot-en |
|
| Details | Url | 1 | https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en |
|
| Details | Url | 1 | http://205.185.116.68/boot |
|
| Details | Url | 1 | http[://104.244.78.131/boot |
|
| Details | Url | 1 | http[://104.244.78.131/fre |
|
| Details | Url | 1 | http[://107.189.10.28/boot |
|
| Details | Url | 1 | http[://107.189.10.28/fre |
|
| Details | Url | 1 | http[://141.164.63.40/boot |
|
| Details | Url | 1 | http[://141.164.63.40/fre |
|
| Details | Url | 1 | http[://172.104.105.205/boot |
|
| Details | Url | 1 | http[://185.216.140.70/fre |
|
| Details | Url | 1 | http[://185.216.140.70/t |
|
| Details | Url | 1 | http[://185.39.11.84/fre |
|
| Details | Url | 1 | http[://89.248.174.166/t |
|
| Details | Url | 1 | http[://92.223.73.55/fre |
|
| Details | Url | 1 | http[://ape.run/dtf/b |
|
| Details | Url | 1 | http[://ape.run/fre |
|
| Details | Url | 1 | http[://c.uglykr.xyz/fre |
|
| Details | Url | 1 | http[://kreb.xyz/fre |
|
| Details | Url | 1 | http[://osrq.xyz/dtf/b |
|
| Details | Url | 1 | http[://osrq.xyz/fre |