The Threat CodexFeb 28
Zerobot Malware Targets n8n Automation Platform
#Zerobot #n8n #CVE_2025_7544 #CVE_2025_68613
https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
abuse.ch Dec 4

Mirai botnet #zerobot spreading through 172.86.123.179 (cloudzy πŸ‡¦πŸ‡ͺ) ‡️

Mirai botnet C2 domain:
0bot.qzz .io (Gandi SAS πŸ‡«πŸ‡·)

Mirai botnet C2 server:
140.233.190.96:69 (Internet Magnate πŸ‡ΏπŸ‡¦)

Payload URLs:
🌐 https://urlhaus.abuse.ch/host/172.86.123.179/

Mirai malware sample:
πŸ€– https://bazaar.abuse.ch/sample/9f64ea43d9ba0bed705b94251dfbcdc596fc594df8c0d94c512e4573c55b30e5/

More #Mirai IOCs are available on ThreatFox:
🦊 https://threatfox.abuse.ch/browse/malware/elf.mirai/

securityaffairsDec 22, 2022
A new #Zerobot variant spreads by exploiting #Apache flaws
https://securityaffairs.co/wordpress/139918/cyber-crime/zerobot-spreads-apache-flaws.html
#securityaffairs #hacking #malware
A new Zerobot variant spreads by exploiting Apache flaws

Microsoft spotted an upgraded variant of the Zerobot botnet that spreads by exploiting Apache vulnerabilities. Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity […]

Security Affairs
AntonioJesusGonzalez Dec 21, 2022
Microsoft researchers analyzed Zerobot 1.1, the latest version of the Go-based DDoS botnet that spreads primarily through IoT and web application vulnerabilities. This version expands the malware’s reach to different types of devices:
http://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/
#cybersecurity #zerobot
Microsoft research uncovers new Zerobot capabilities - Microsoft Security Blog

The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.

Microsoft Security Blog
Show threadRaminDec 21, 2022

Great collaboration between Microsoft Defender for IoT Research Team, Microsoft Defender Research Team, and Microsoft Threat Intelligence Center (MSTIC). Refer to the blog for a list of #Zerobot IOCs and protection, detection, and hunting recommendations.

https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/

Microsoft research uncovers new Zerobot capabilities - Microsoft Security Blog

The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.

Microsoft Security Blog
Show threadRaminDec 21, 2022
Microsoft Defender for IoT research team has observed new DDoS attack capabilities in #Zerobot 1.1, including ICMP/SYN/SYN-ACK/ACK floods and various custom UDP/TCP attacks (including XMAS attack).
Show threadRaminDec 21, 2022
#Zerobot targets various architectures including ARM64, MIPS & x86_64. Upon gaining access to a device, Zerobot uses a downloader script to download & execute the main Zerobot components. After establishing persistence, Zerobot scans for other internet-exposed devices to infect.
Show threadRaminDec 21, 2022
In addition to credential brute force attacks, #Zerobot 1.1 is capable of exploiting a variety of known/patched vulnerabilities, including *patched* vulnerabilities in Apache HTTP Server, Apache Spark, Tenda GPON routers, LinuxKI, Zivif, Grandstream, Roxy-WI, MiniDVBLinux, etc.
RaminDec 21, 2022

Microsoft Threat Intelligence is releasing a blog on a new set of #Zerobot/#ZeroStresser 1.1 capabilities. Zerobot spreads primarily through exploitation of known IoT and web application vulnerabilities in devices such as firewalls, routers, cameras, etc.

https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/

Microsoft research uncovers new Zerobot capabilities - Microsoft Security Blog

The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.

Microsoft Security Blog
OPSEC Cybersecurity News LiveDec 21, 2022
Microsoft research uncovers new Zerobot capabilities

https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/

#Microsoftsecurityintelligence #Cybersecurity #Zerobot #IoT
Microsoft research uncovers new Zerobot capabilities - Microsoft Security Blog

The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.

Microsoft Security Blog