Moobot

Malware updated 23 days ago (2024-11-29T13:39:45.399Z)
Moobot is malware based on the Mirai platform. It is designed to infiltrate devices and systems, often through suspicious downloads, emails, or websites, without the user's knowledge. Once inside a system, Moobot facilitated targeted attacks against various entities, collected credentials, proxied network traffic, established reverse SSH tunnels, hosted spoofed landing pages, and controlled other remote systems infected with a Python backdoor. The initial infection deployed additional scripts that increased its potency and reach. The malware's operation was linked to APT28, a group believed to be associated with Russia. Despite efforts by authorities to curb its activities, the group and other cybercriminals continued to use the Moobot botnet. The malware's resilience made it a persistent threat: it continued to infect systems and carry out its operations even after initial attempts at dismantling it. In a significant breakthrough, however, the U.S. government dismantled the Moobot botnet controlled by APT28. This action disrupted the malware's operations, although reports suggest that some elements associated with APT28 and other criminals continue to use remnants of the Moobot botnet. The sustained activity underscores the complex nature of modern cybersecurity threats and the need for ongoing vigilance and action to protect systems and data.
Description last updated: 2024-11-28T12:00:26.537Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.

Mirai Botnet (2 votes): Mirai Botnet is a possible alias for Moobot. The Mirai botnet, a type of malware, is known for its ability to exploit vulnerabilities in various devices and systems. Mirai operates by infecting systems without the user's knowledge, often through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Botnet
Vulnerability
Fortiguard
Russia
flaw
Bot
Apt
Associated Malware
Mirai (association type: is related to; 6 votes): The Mirai Malware is associated with Moobot. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar

Shellbot (association type: is related to; 3 votes): The Shellbot Malware is associated with Moobot. ShellBot is a malicious software (malware) variant that has been actively targeting poorly managed Linux SSH servers. As reported by Hacker News and HackRead in March 2023, this Perl-based DDoS bot deploys different variants to exploit these servers. ShellBot, along with another DDoS malware called

Gafgyt (association type: Unspecified; 2 votes): The Gafgyt Malware is associated with Moobot. Gafgyt, also known as Bashlite, is a type of malware that targets Linux architecture operating systems with the primary intent to launch distributed denial of service (DDoS) attacks. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, and upon entry,

Gafgyt Variant (association type: is related to; 2 votes): The Gafgyt Variant Malware is associated with Moobot. The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,
Associated Threat Actors
APT28 (association type: has used; 4 votes): The APT28 Threat Actor is associated with Moobot. APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM, is a threat actor linked to Russia. The group has been associated with cyber espionage campaigns across Central Asia and has historically targeted areas of national security, military operations, and geopolitical influ

Forest Blizzard (association type: Unspecified; 2 votes): The Forest Blizzard Threat Actor is associated with Moobot. Forest Blizzard, also known as APT28, Fancy Bear, and Strontium, is a notorious threat actor linked to Russia. In April 2022, this group gained control over a botnet which was then employed for persistent espionage campaigns. The group has shown consistent and lasting repetitions in its tactics, tec
Associated Vulnerabilities
CVE-2022-46169 (association type: Unspecified; 3 votes): The CVE-2022-46169 Vulnerability is associated with Moobot. CVE-2022-46169 is a critical pre-authentication command injection vulnerability discovered in the Cacti network operations framework. This flaw, which existed in all versions of Cacti up to 1.2.22, could be exploited by threat actors to deliver malware, thereby compromising the security of systems u

CVE-2021-35394 (association type: Unspecified; 3 votes): The CVE-2021-35394 Vulnerability is associated with Moobot. The CVE-2021-35394 vulnerability, a flaw in the software design or implementation of Realtek Jungle SDK, has seen significant exploitation by threat actors. From August to October 2022, the number of attacks attempting to exploit this remote code execution vulnerability accounted for more than 40% o

CVE-2021-36260 (association type: Unspecified; 2 votes): The CVE-2021-36260 Vulnerability is associated with Moobot. CVE-2021-36260 is a critical command injection flaw found in the webserver of various Hikvision products. This vulnerability, a defect in software design or implementation, allows unauthorized users to execute arbitrary commands on the system, potentially leading to unauthorized access, data theft,
Source Document References
Information about the Moobot Malware was read from the documents corpus below. This display is limited to 20 results.

Source (created):
Securelist (a month ago)
Securityaffairs (4 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (6 months ago)
Securityaffairs (6 months ago)
Securityaffairs (6 months ago)
Securityaffairs (7 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)
DARKReading (8 months ago)
Fortinet (8 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)
Securityaffairs (9 months ago)
Securityaffairs (9 months ago)