top of page
Search
Writer's pictureStormsec

RobinBot – A new type of DDoS botnet in rapid expansion

In early November 2022, Qianxin Threat Intelligence Center detected an incident with malicious samples from unknown families. The captured malicious samples borrowed from the malicious code of the Mirai and Gafgyt families were observed and found to support a variety of self-named DDoS attack methods, which can be spread through the Telnet service. These DDoS attack methods also integrated multiple vulnerabilities similar to the Omni family, Exp, which are currently spreading rapidly on the Internet.




MALWARE FAMILY: RobinBot


ATT&CK IDS: T1190 - Exploit Public-Facing Application, T1133 - External Remote Services, T1059 - Command and Scripting Interpreter, T1543 - Create or Modify System Process, T1053 - Scheduled Task/Job, T1090 - Proxy, T1498 - Network Denial of Service, T1021 - Remote Services, T1210 - Exploitation of Remote Services, T1098 - Account Manipulation


Read More:

2 views

ความคิดเห็น


ปิดการแสดงความคิดเห็น
bottom of page