A glimpse into the next moves and associated botnets
Sept. 10, 2024, 8:23 a.m.
Description
The report provides insights into the evolving tactics and infrastructure of a threat group referred to as the 'Quad7 botnet operators.' It details the discovery of new staging servers, implants, and botnet clusters associated with this group. The operators appear to be compromising various router and VPN appliance brands, introducing new backdoors, and exploring alternative protocols to enhance stealth and evade tracking efforts. Without adequate interception capabilities, monitoring the Quad7 botnets' evolution may become increasingly challenging in the future.
Date
Published: Sept. 10, 2024, 8:07 a.m.
Created: Sept. 10, 2024, 8:07 a.m.
Modified: Sept. 10, 2024, 8:23 a.m.
Indicators
ff17e9bcc1ed16985713405b95745e47674ec98e3c6c889df797600718a35b2c
158.247.194.125
103.57.248.202
103.140.239.63
45.77.44.119
151.236.20.30
http://45.77.44.119:80
http://158.247.194.125:80
http://151.236.20.30:80
http://103.57.248.202:81
http://103.140.239.63:80
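The indicators above are only useful once they are matched against traffic. The following is an added example (not code from the report or its authors) that loads the page's hash, IP and URL indicators and runs them over a handful of constructed proxy/firewall log lines. The log line format, the sample lines and the private source addresses are assumptions made for the example; note that the URL indicators carry a port (81 for 103.57.248.202), so a destination match on address and port is reported separately from a match on the bare address.

```python
"""Match the Quad7 indicators listed on this page against log lines.

Added example, not part of the original report. The log format and the
sample log lines are constructed for illustration.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators copied from the "Indicators" section of this page.
INDICATOR_SHA256 = {
    "ff17e9bcc1ed16985713405b95745e47674ec98e3c6c889df797600718a35b2c",
}
INDICATOR_IPS = {
    "158.247.194.125", "103.57.248.202", "103.140.239.63",
    "45.77.44.119", "151.236.20.30",
}
INDICATOR_URLS = {
    "http://45.77.44.119:80",
    "http://158.247.194.125:80",
    "http://151.236.20.30:80",
    "http://103.57.248.202:81",
    "http://103.140.239.63:80",
}


def url_to_ip_port(url):
    """Return (host, port) for an indicator URL, defaulting the port by scheme."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


# (ip, port) pairs: a hit here means both the address and the listed port matched.
INDICATOR_IP_PORTS = {url_to_ip_port(u) for u in INDICATOR_URLS}

# Assumed log format: "<ts> <src_ip> -> <dst_ip>:<dst_port> <proto> [sha256=<hash>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[0-9.]+):(?P<port>\d+)\s+(?P<proto>\S+)"
    r"(?:\s+sha256=(?P<sha>[0-9a-fA-F]{64}))?\s*$"
)


def scan_line(line):
    """Return a list of (indicator_type, value) hits for one line; [] if clean or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return []
    dst, port = m["dst"], int(m["port"])
    try:
        ipaddress.ip_address(dst)  # reject malformed destinations before comparing
    except ValueError:
        return []
    hits = []
    if (dst, port) in INDICATOR_IP_PORTS:
        hits.append(("url", f"http://{dst}:{port}"))
    elif dst in INDICATOR_IPS:
        # Same host, but not on a listed port: weaker signal, still worth a look.
        hits.append(("ip", dst))
    if m["sha"] and m["sha"].lower() in INDICATOR_SHA256:
        hits.append(("sha256", m["sha"].lower()))
    return hits


def scan_log(lines):
    """Return [(line, hits)] for every line that produced at least one hit."""
    results = []
    for line in lines:
        hits = scan_line(line)
        if hits:
            results.append((line, hits))
    return results


# Constructed sample log (not real traffic); 10.0.0.0/8 and 198.51.100.0/24 are placeholders.
SAMPLE_LOG = [
    "2024-09-10T08:00:01Z 10.0.0.5 -> 103.57.248.202:81 tcp",
    "2024-09-10T08:00:02Z 10.0.0.5 -> 103.57.248.202:443 tcp",
    "2024-09-10T08:00:03Z 10.0.0.7 -> 198.51.100.10:443 tcp",
    "2024-09-10T08:00:04Z 10.0.0.9 -> 198.51.100.20:80 tcp "
    "sha256=ff17e9bcc1ed16985713405b95745e47674ec98e3c6c889df797600718a35b2c",
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for line, hits in scan_log(SAMPLE_LOG):
        print(line)
        for kind, value in hits:
            print(f"    {kind}: {value}")
```

The check deliberately distinguishes a full address-and-port match from a bare address match: the report describes staging servers, which are likely to be rotated, so a bare-IP hit after the indicators age should be treated as a lead to verify rather than a confirmed Quad7 connection.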
Attack Patterns
zylogin
rlogin
axlogin
alogin
NetDuke
HammerDuke
HAMMERTOSS - S0037
FsyNet
UPDTAE
xlogin
Quad7 botnet operators
T1594
T1207
T1043
T1021.004
T1587
T1608
T1583
T1213
T1189
T1505
T1573
T1518
T1105
T1071
T1595
T1543
T1190
T1133
T1090