March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – Joker Malware Variant Found in Google Play
July 13, 2020
Rewterz Threat Alert – Excel Spreasheet Macro Kicks off Formbook Malware Infection
July 13, 2020
Rewterz Threat Alert – Joker Malware Variant Found in Google Play
July 13, 2020
Rewterz Threat Alert – Excel Spreasheet Macro Kicks off Formbook Malware Infection
July 13, 2020
Severity
High
Analysis Summary
Researchers discovered a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers which have not observed exploited by past Mirai variants. This discovery is a new addition to the Mirai variants that appeared in the past few months, that include SORA, UNSTABLE, and Mukashi. The vulnerabilities used by this Mirai variant consist of a combination of old and new that help cast a wide net encompassing different types of connected devices. The nine vulnerabilities used in this campaign affect specific versions of IP cameras, smart TVs, and routers, among others. The most notable of these vulnerabilities is CVE-2020-10173, a Multiple Authenticated Command injection vulnerability found in Comtrend VR-3033 routers. Remote malicious attackers can use this vulnerability to compromise the network managed by the router.
Impact
Network compromise
Indicators of Compromise
MD5
- 10feb5a36c7bddc5f5a9b71da0bde08b
SHA-256
- 66545fffeed4f413827f9dc51d2444aaa772adf4d44f65662356b1301e45390d
SHA1
- e8440d31f747a9f446988ef7ed6686cde0d8cf47
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.