Having fun with php:
https://0xlibris.net/posts/php_botnet
Outlaw cybergang attacking targets worldwide
A recent incident response case in Brazil revealed a Perl-based crypto mining botnet called Outlaw, also known as Dota, targeting Linux environments. The threat actor exploits weak SSH credentials, downloads malicious scripts, and deploys an XMRig miner for Monero cryptocurrency. The botnet includes an IRC-based client that acts as a backdoor, allowing for various malicious activities. Victims have been identified mainly in the United States, with additional targets in Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil. The article provides detailed analysis of the malware's components, persistence mechanisms, and evasion techniques. Recommendations for system administrators include hardening SSH configurations and implementing additional security measures to mitigate the risk of compromise.
Pulse ID: 6810fdeb2114bc18d03810e3
Pulse Link: https://otx.alienvault.com/pulse/6810fdeb2114bc18d03810e3
Pulse Author: AlienVault
Created: 2025-04-29 16:27:23
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#DDoS-aanvallen #cybercrime #2025 #DDoS #botnet #SYNflood #amplificatie #hypervolumetrisch #cloudflare #incidentrespons #beveiliging #cyberdreiging #netwerkinfrastructuur #digitaleveiligheid #strategie #DDoSverdeding
Read more about the dramatic rise in #DDoS attacks in 2025 and how organizations can protect themselves: https://www.ccinfo.nl/menu-onderwijs-ontwikkeling/cybercrime/ddos-website-aanval/2478574_dramatische-stijging-van-ddos-aanvallen-in-2025-wat-betekent-dit-voor-organisaties
A shady Market gives Money to App Developers on iOS, Android, MacOS and Windows for including a Library into their Apps that sells Users Network Bandwidth, acting as Proxy for Web Scrapers/Bots - Article by Jan Wildeboer @jwildeboer #Botnet https://jan.wildeboer.net/2025/04/Web-is-Broken-Botnet-Part-2/
Smart devices really are those flaky friends you can't rely on, yet suspect are gossiping about you behind your back.
And so, the episode in which a family member's #android photo frame takes a second gig on a #botnet
https://medium.com/@sinclairdotwtf/the-gift-that-keeps-on-taking-770111988713
When someone as introverted as me shakes the lurker's torpor, that's what cross looks like.
RustoBot Botnet Exploits Router Flaws
Pulse ID: 6808367b763a45db31e7f677
Pulse Link: https://otx.alienvault.com/pulse/6808367b763a45db31e7f677
Pulse Author: cryptocti
Created: 2025-04-23 00:38:19
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
New Threat Alert: Rustobot Botnet
A new Rust-based botnet is making waves — and it's hijacking routers to do it. @FortiGuardLabs latest research dives into Rustobot, a stealthy, modular botnet that’s fast, evasive, and ready to wreak havoc.
Learn how it works, what makes it different, and how to protect your network:
https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers
Edit: Shout-out to the author behind this research, @7olzu
New Rust-Based Botnet Hijacks Routers to Inject Remote Commands https://gbhackers.com/new-rust-based-botnet-hijacks-routers/ #CyberSecurityNews #cybersecurity #Botnet #DDOS
Botnet alert: A newly uncovered XorDDoS controller is widening the threat surface.
Attackers are targeting:
Linux servers
Docker environments
Their method? SSH brute-force
Persistence via cron jobs and init scripts
71% of detected activity focused on U.S. systems
Indicators suggest Chinese-speaking actors
This isn’t just noise — it’s a sustained, evolving threat to cloud and edge ecosystems.
#CyberSecurity #XorDDoS #Botnet #LinuxSecurity #ThreatIntelligence #security #privacy #cloud #infosec
https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html
@wpn #mail #server has been under quite heavy pressure for a couple of days now. Looks like a very large #botnet is trying to access my accounts (they got the addresses right); it's just too many IPs even if the auth attempts are like 2 every half-an-hour. With my current passwords I don't believe they stand a chance for the foreseeable future, still very annoying.
Just under 900 IPs and counting in the last 12 hours coming at my infra:
---
403 343 - - ---- 3/3/0/0/0 0/0 {bogl.no} "POST /xmlrpc.php HTTP/1.1"
---
If you wanted to build your own #localized #IoT #Android based #botnet for some reason, here's a good starting point.
Using #BLE to operate #MQTT is so countryside compound it almost makes me want to boobytrap my perimeter.
CasparvdBroek/BLEtoMQTT: Android BLE to MQTT bridging service
https://github.com/CasparvdBroek/BLEtoMQTT
El lado del mal - Artificial Intelligence and the business of solving "Cognitive Captchas" for Cybercrime. https://www.elladodelmal.com/2025/04/inteligencia-artificial-y-el-negocio-de.html #Captcha #FunCaptcha #ReCaptcha #AWS #TurnSite #AI #IA #hCaptcha #Cibercrimen #AkiraBot #Botnet #InteligenciaArtificial #WebScrapping
@FAIR Oh yes. They started blocking pro-Palestine and anti-Russia messaging on Ukraine for me a long time ago.
This is of course systematic abuse of reporting tools by automated means or by troll farms in the case of the Kremlin.
Facebook refuses to hire enough people to counter the problem, which is just getting exponentially worse with cheap LLMs able to do the job which you formerly needed a Russian spy for.
#ai #disinformation #llm #botnet #socialmedia #facebook
Smokeloader Users Identified and Arrested in Operation Endgame – Source:hackread.com https://ciso2ciso.com/smokeloader-users-identified-and-arrested-in-operation-endgame-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #OperationEndgame #cybersecurity #SmokeLoader #CyberCrime #Hackread #Europol #malware #botnet #europe
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet – Source: www.securityweek.com https://ciso2ciso.com/europol-targets-customers-of-smokeloader-pay-per-install-botnet-source-www-securityweek-com/ #rssfeedpostgeneratorecho #Tracking&LawEnforcement #CyberSecurityNews #OperationEndgame #Malware&Threats #securityweekcom #securityweek #SmokeLoader #Trickbot #Europol #botnet
Smokeloader Users Identified and Arrested in Operation Endgame https://hackread.com/smokeloader-users-identified-arrested-operation-endgame/ #OperationEndgame #Cybersecurity #SmokeLoader #CyberCrime #Europol #Malware #Botnet #europe
#OperationEndgame - With the operators out of the picture, law enforcement is closing in on Smokeloader botnet’s paying customers across Europe and North America.
Read: https://hackread.com/smokeloader-users-identified-arrested-operation-endgame/