Malware RE Team Lead @ Microsoft Threat Intel Center (MSTIC) || Fascinated & humbled by your complex malware, me vs. your code, not me vs. you/yours.
Twitter: https://twitter.com/MalwareRE

Great collaboration between Microsoft Defender for IoT Research Team, Microsoft Defender Research Team, and Microsoft Threat Intelligence Center (MSTIC). Refer to the blog for a list of #Zerobot IOCs and protection, detection, and hunting recommendations.

https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/

Microsoft research uncovers new Zerobot capabilities - Microsoft Security Blog

The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.

Microsoft Security Blog
Microsoft Defender for IoT research team has observed new DDoS attack capabilities in #Zerobot 1.1, including ICMP/SYN/SYN-ACK/ACK floods and various custom UDP/TCP attacks (including XMAS attack).
#Zerobot targets various architectures including ARM64, MIPS & x86_64. Upon gaining access to a device, Zerobot uses a downloader script to download & execute the main Zerobot components. After establishing persistence, Zerobot scans for other internet-exposed devices to infect.
In addition to credential brute force attacks, #Zerobot 1.1 is capable of exploiting a variety of known/patched vulnerabilities, including *patched* vulnerabilities in Apache HTTP Server, Apache Spark, Tenda GPON routers, LinuxKI, Zivif, Grandstream, Roxy-WI, MiniDVBLinux, etc.

Microsoft Threat Intelligence is releasing a blog on a new set of #Zerobot/#ZeroStresser 1.1 capabilities. Zerobot spreads primarily through exploitation of known IoT and web application vulnerabilities in devices such as firewalls, routers, cameras, etc.

https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/
