Researchers have been tracking a rapidly evolving IoT malware family known as “RapperBot” since mid-June 2022. This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai.
MALWARE FAMILIES: Mirai, Gafgyt, RapperBot
ATT&CK IDS: T1110 - Brute Force, T1059 - Command and Scripting Interpreter, T1021 - Remote Services, T1499 - Endpoint Denial of Service, T1547 - Boot or Logon Autostart Execution, T1584.005 - Botnet, T1021.004 - SSH, T1094 - Custom Command and Control Protocol
Read More:
Comments