Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai
Jan. 22, 2025, 10:16 a.m.
Description
The Qualys Threat Research Unit has uncovered a large-scale operation within the Mirai campaign, dubbed Murdoc Botnet. This variant exploits vulnerabilities in AVTECH cameras and Huawei HG532 routers, demonstrating enhanced capabilities to compromise devices and build expansive botnets. The campaign, which began in July 2024, uses ELF file and shell script execution to deploy the botnet sample. Over 1300 IPs were found active, with 100+ distinct sets of servers distributing the malware. The botnet targets vulnerable devices using existing exploits such as CVE-2024-7029 and CVE-2017-17215. Affected countries include Malaysia, Thailand, Mexico, and Indonesia. The malware uses shell scripts to fetch, execute, and remove payloads on compromised devices.
Date
- Created: Jan. 22, 2025, 9:12 a.m.
- Published: Jan. 22, 2025, 9:12 a.m.
- Modified: Jan. 22, 2025, 10:16 a.m.
Additional Information
- Thailand
- Malaysia
- Indonesia
- Mexico