New, from our @deepfield ERT: found a new botnet dressing its C2 traffic as camera management.

#Drifter names its domains after Hikvision products, blending with surveillance traffic on the same VLAN as the Android TV boxes it infects. DNS queries go through an Australian resolver, which somewhat undermines the cover if your bot is in São Paulo.

71 KB binary, already linked to attacks exceeding 2 Tbps from 80k sources. At least six operators are now competing for the same devices.

https://github.com/deepfield/public-research/blob/main/drifter/report.md

#threatintel #ddos

public-research/drifter/report.md at main · deepfield/public-research

DDoS botnet research and indicators of compromise from Nokia Deepfield ERT - deepfield/public-research

The four most important botnets shut down

This is likely to be a heavy blow to the cybercrime industry: in a joint operation, authorities from Germany, Canada and the USA have succeeded in taking down the infrastructure (C2 servers, domains) behind the four largest botnets. These are (were) Aisuru, JackSkid, KimWolf and Mossad. Together, the four were responsible for "hundreds of thousands" of DDoS attacks. Some were directed against the US military (Department of Defense) or other high-value targets. Others served to knock unpopular websites out of action or simply to extort websites:

https://www.pc-fluesterer.info/wordpress/2026/03/27/die-vier-wichtigsten-botnets-abgeschaltet/

#Allgemein #Empfehlung #Hintergrund #Warnung #botnet #cybercrime #ddos #erpresser #hersteller #passwort #smart #smarthome #webcam

My pet peeve today: calling something a #DDoS when it’s coming from five IP addresses and the service is fine.

It turns out #Mirai malware isn’t fading, it’s multiplying. Hundreds of Mirai-based variants now host massive botnet growth, exploiting weak IoT devices and evolving attack methods.

Read more: https://hackread.com/mirai-malware-variants-botnet-growth/

#Botnet #CyberSecurity #IoT #Malware #DDoS

New.

Any.Run: Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide https://any.run/cybersecurity-blog/kamasers-technical-analysis/ @anyrun_app #malware #infosec #threatresearch #DDoS

The Digital Assault on French Infrastructure

https://peer.adalta.social/w/3L33aLRngpQL4r6wHagJQx

France's Digital Frontline Under Siege

https://peer.adalta.social/w/7yVftzVxeNkW7tASoRGBZn

France's Digital Frontline

PeerTube