The Digital Legacy of Botnet 911 S5
June 14, 2024, 11:06 a.m.
Tags
External References
Description
The report provides an in-depth analysis of the notorious Botnet 911 S5, revealing its origins, operations, and digital remnants. It traces the botnet's evolution, from its inception in 2014 to its eventual demise in 2024, after a joint law enforcement operation. The botnet leveraged free VPN software to distribute malware, infecting millions of devices worldwide and selling access to this proxy network. The report meticulously dissects the botnet's infrastructure, shared resources, and malware samples, shedding light on the tactics employed by its operators, even after their rebranding efforts under the guise of 'CloudRouter'.
Date
Published: June 14, 2024, 10:51 a.m.
Created: June 14, 2024, 10:51 a.m.
Modified: June 14, 2024, 11:06 a.m.
Indicators
fa0c044489bf26df366018288990735e87740c17725cc9cbde50fc7067630e01
afc82cce49b6bee26340b55d5a9e8a9b08406878f7cfafe69d6c7fd04dc132d1
504824b1c08ae15920b675d6cb3339eda56781d20763a7162ba7f43027269f4a
3eb28a578241d2cdfb7cbd0036facdb5ca8fbc42da2de47aa04e5faf72d65345
f78075951f0272020ca33fee78c3cf9007a0db1842af5cd0eeab518ccc915b16
www.dewvpn.com
www.911s5.com
www.911.gg
userip.911s5.net
user.dewvpn.com
net.dewvpn.com
neibu.911s5.net
login.911s5.net
eu.911.gg
soccerstreamingvpn.com
shinevpn.org
shinevpn.com
shinevpn.net
shinevpn.co
shieldvpn.org
searchsafe.com
reachfresh.com
proxygate.net
freevpnlebanon.com
freevpnhongkong.com
freevpnghana.com
freevpncuba.com
dewvpn.org
dewvpn.net
dewvpn.cc
cloudrouter.pro
cloudrouter.io
911s5.org
911s5.net
911s5.com
Attack Patterns
Shield VPN
PaladinVPN
ShineVPN
DewVPN
ProxyGate
MaskVPN
YunHe Wang
T1583.005