
The Digital Legacy of Botnet 911 S5

June 14, 2024, 11:06 a.m.

Description

The report provides an in-depth analysis of the notorious Botnet 911 S5, revealing its origins, operations, and digital remnants. It traces the botnet's evolution from its inception in 2014 to its demise in 2024 after a joint law enforcement operation. The botnet leveraged free VPN software to distribute malware, infecting millions of devices worldwide, and its operators sold access to the resulting proxy network. The report dissects the botnet's infrastructure, shared resources, and malware samples, shedding light on the tactics its operators employed, including after they rebranded as 'CloudRouter'.

Date

Published: June 14, 2024, 10:51 a.m.

Created: June 14, 2024, 10:51 a.m.

Modified: June 14, 2024, 11:06 a.m.

Indicators


Attack Patterns

Shield VPN

PaladinVPN

ShineVPN

DewVPN

ProxyGate

MaskVPN

YunHe Wang

T1583.005