- CREATED 1 DAY AGO by AlienVault
- Public
- TLP: White
On 2021-06-22, Netlab detected a Mirai variant sample, which Netlab named mirai_ptea, being spread through an unknown vulnerability. After analysis, the vulnerability turned out to be an undisclosed vulnerability in KGUARD DVR. From Netlab’s analysis, the vulnerability exists in the 2016 firmware version. All firmware manufacturers that we can find after 2017 have fixed this vulnerability. Interestingly, one day later, on June 23, Netlab received an inquiry from the security community asking whether we had seen a new DDoS attack botnet. After cross-comparing clues, it turns out that this is the botnet we had just discovered and are currently looking at. This botnet is in an active attack state (see the end).
REFERENCE: https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability/
TAGS: botnet, ddos, mirai, mirai_ptea
MALWARE FAMILY: Mirai
ATT&CK IDS: T1140 – Deobfuscate/Decode Files or Information, T1595.002 – Vulnerability Scanning, T1190 – Exploit Public-Facing Application, T1583.005 – Botnet, T1090.003 – Multi-hop Proxy, T1573 – Encrypted Channel, T1499 – Endpoint Denial of Service