Date: 01/20/2025
Severity: Medium
Summary
Since the end of 2024, a large-scale IoT botnet built mainly from Mirai and Bashlite malware variants has been launching DDoS attacks against organizations worldwide, with a marked concentration on Japan. The botnet compromises wireless routers, IP cameras and similar devices by exploiting known vulnerabilities and weak or default credentials. Infected devices are directed by command-and-control servers and support a range of DDoS attack methods as well as malware updates and proxy services. Attack patterns differ between Japanese and international targets, with notable impact on sectors across North America and Europe.
Indicators of Compromise (IOC) List
IP Address | 156.253.250.201, 194.50.16.15, 92.249.48.205 |
Hash (SHA-256) | 405491255ff73ddfb1dd2a1859347dd00a3ce05bc681693fc7cd95fc11717a5a, aebe831a4ab5dee97209ecc80a3a9728dae38dd8eb0cdc744bf26ff51baa6998, be2d34d170e8fc4956464f36c36c93dbeaa2957c0ed4139e1d06a5693c3f8b25, 63e91c3ddf7c808008b2bdef26d56b110b6b4b0b23c6e470045564864c44143e, 620636c1b8ecdde20b33a572bc79b2f2b9a212e063bf17a61e9e294adc5eb857, 0cffa89872b6fda2dd813bde128763c77280e663a8f73b3c1c5fb76bc7355cd1, d1585e0acc839200b095c76833d0c85fdc95df3894a18662b508f734075b5297, 371204521df08047c17cc2934c50c0ffec48b4cde93dd19a4495dcfc671a3060, 548d1c8de71f5444228e2c1f031c540b0e08781e332f46a5d21e564180c81b6d, 32bc52b263c6d40077eeaf4e2c105c91fdfb3eb859b1d11470b5a2087a39bcee, 1bba9d9ca796b61828ff9866f0c7a8326e5d34eda6bd20d790fab846091e5d07 |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 | dstipaddress IN ("156.253.250.201","194.50.16.15","92.249.48.205") or ipaddress IN ("156.253.250.201","194.50.16.15","92.249.48.205") or publicipaddress IN ("156.253.250.201","194.50.16.15","92.249.48.205") or srcipaddress IN ("156.253.250.201","194.50.16.15","92.249.48.205") |
Detection Query 2 | sha256hash IN ("405491255ff73ddfb1dd2a1859347dd00a3ce05bc681693fc7cd95fc11717a5a","aebe831a4ab5dee97209ecc80a3a9728dae38dd8eb0cdc744bf26ff51baa6998","be2d34d170e8fc4956464f36c36c93dbeaa2957c0ed4139e1d06a5693c3f8b25","63e91c3ddf7c808008b2bdef26d56b110b6b4b0b23c6e470045564864c44143e","620636c1b8ecdde20b33a572bc79b2f2b9a212e063bf17a61e9e294adc5eb857","0cffa89872b6fda2dd813bde128763c77280e663a8f73b3c1c5fb76bc7355cd1","d1585e0acc839200b095c76833d0c85fdc95df3894a18662b508f734075b5297","371204521df08047c17cc2934c50c0ffec48b4cde93dd19a4495dcfc671a3060","548d1c8de71f5444228e2c1f031c540b0e08781e332f46a5d21e564180c81b6d","32bc52b263c6d40077eeaf4e2c105c91fdfb3eb859b1d11470b5a2087a39bcee","1bba9d9ca796b61828ff9866f0c7a8326e5d34eda6bd20d790fab846091e5d07") |
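The two TDIR queries above reduce to set membership on a handful of normalized fields. The following is an added example (not Gurucul's TDIR code and not from the referenced report) that applies the same logic to newline-delimited JSON events, so the IOCs can be checked against exported logs or a pipeline that lacks the TDIR query language. The field names dstipaddress, ipaddress, publicipaddress, srcipaddress and sha256hash are taken from the queries; the log events are constructed for the example.

```python
import json

# IOC values copied from the advisory's IOC list and detection queries.
IOC_IPS = {"156.253.250.201", "194.50.16.15", "92.249.48.205"}
IOC_SHA256 = {
    "405491255ff73ddfb1dd2a1859347dd00a3ce05bc681693fc7cd95fc11717a5a",
    "aebe831a4ab5dee97209ecc80a3a9728dae38dd8eb0cdc744bf26ff51baa6998",
    "be2d34d170e8fc4956464f36c36c93dbeaa2957c0ed4139e1d06a5693c3f8b25",
    "63e91c3ddf7c808008b2bdef26d56b110b6b4b0b23c6e470045564864c44143e",
    "620636c1b8ecdde20b33a572bc79b2f2b9a212e063bf17a61e9e294adc5eb857",
    "0cffa89872b6fda2dd813bde128763c77280e663a8f73b3c1c5fb76bc7355cd1",
    "d1585e0acc839200b095c76833d0c85fdc95df3894a18662b508f734075b5297",
    "371204521df08047c17cc2934c50c0ffec48b4cde93dd19a4495dcfc671a3060",
    "548d1c8de71f5444228e2c1f031c540b0e08781e332f46a5d21e564180c81b6d",
    "32bc52b263c6d40077eeaf4e2c105c91fdfb3eb859b1d11470b5a2087a39bcee",
    "1bba9d9ca796b61828ff9866f0c7a8326e5d34eda6bd20d790fab846091e5d07",
}

# Field names mirror Detection Query 1 and 2; adjust to your own log schema.
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELD = "sha256hash"


def match_event(event):
    """Return a list of (field, value, ioc_type) hits for one normalized event.

    Equivalent to "field IN (...)" in the TDIR queries: any IP field matching an
    IOC IP, or the SHA-256 field matching an IOC hash, produces a hit.
    """
    hits = []
    for field in IP_FIELDS:
        value = event.get(field)
        if isinstance(value, str) and value in IOC_IPS:
            hits.append((field, value, "ip"))
    digest = event.get(HASH_FIELD)
    if isinstance(digest, str) and digest.lower() in IOC_SHA256:
        # Hashes are compared case-insensitively; some EDRs emit uppercase hex.
        hits.append((HASH_FIELD, digest.lower(), "sha256"))
    return hits


def scan(lines):
    """Scan newline-delimited JSON events; return one alert per matching event."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # A malformed line must not abort the whole scan; skip it.
            continue
        hits = match_event(event)
        if hits:
            alerts.append({"line": lineno, "hits": hits, "event": event})
    return alerts


# Constructed sample events (not real telemetry): a firewall connection to a
# C2 IP, a benign DNS lookup, an EDR hash event in uppercase hex, a garbled
# line, and a cloud login from an IOC public IP.
SAMPLE_LOGS = """{"ts":"2025-01-20T03:14:07Z","source":"fw","srcipaddress":"10.0.0.23","dstipaddress":"194.50.16.15","dstport":23}
{"ts":"2025-01-20T03:14:09Z","source":"fw","srcipaddress":"10.0.0.23","dstipaddress":"8.8.8.8","dstport":53}
{"ts":"2025-01-20T03:15:01Z","source":"edr","host":"cam-01","sha256hash":"405491255FF73DDFB1DD2A1859347DD00A3CE05BC681693FC7CD95FC11717A5A"}
not a json line
{"ts":"2025-01-20T03:16:44Z","source":"cloud","publicipaddress":"92.249.48.205","action":"login"}
"""


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS.splitlines()):
        print(f"line {alert['line']}: {alert['hits']}")
```

IP indicators for a botnet of this kind age quickly (infected consumer devices churn and C2 hosts move), so treat an IP hit as a trigger for investigation rather than proof of compromise, and refresh the list from the referenced report; the hash list only covers the samples enumerated above, so a miss on the hash field does not clear a device that shows other Mirai or Bashlite behaviour such as outbound Telnet scanning.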
Reference:
https://www.trendmicro.com/en_us/research/25/a/iot-botnet-linked-to-ddos-attacks.html