Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices
Common Information
Type Value
UUID e7614905-4fd8-433e-b231-e2a9c1174c20
Fingerprint f5ac91128d1625a3
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 21, 2020, 2 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 18, 2024, 2:27 p.m.
Detected Hints/Tags/Attributes 65/1/37
Attributes
Details Type #Events CTI Value
Details CVE 66
cve-2019-2725