#moobot search results
🚨🍯 CVE-2023-1389: Unauthenticated Command Injection on TP-Link Archer AX21 leads to #MooBot (Mirai DDoS variant). Attacker: 172.104.228.72 🇩🇪 Path: POST /cgi-bin/luci/;stok=/locale?form=country Payload: hxxp://91.92.249.96/condi/bot.x86_64 C2: 91.92.249.96 [+]…
![1ZRR4H's tweet image. 🚨🍯 CVE-2023-1389: Unauthenticated Command Injection on TP-Link Archer AX21 leads to #MooBot (Mirai DDoS variant).
Attacker: 172.104.228.72 🇩🇪
Path: POST /cgi-bin/luci/;stok=/locale?form=country
Payload: hxxp://91.92.249.96/condi/bot.x86_64
C2: 91.92.249.96
[+]…](https://pbs.twimg.com/media/GAwO_dCW8AA6n0o.jpg)
TP-Link routers. http.favicon.hash:-1028703177 shodan.io/search/report?…
shodan.io
Shodan Search
113,226 results found for search query: http.favicon.hash:-1028703177
![RacWatchin8872's tweet image. #moobot #mirai #elf
hxxp://94.156.189.]195](https://pbs.twimg.com/media/GPOpaX2XQAEsK3w.png)
![RacWatchin8872's tweet image. #moobot #mirai #elf
hxxp://94.156.189.]195](https://pbs.twimg.com/media/GPOpaX6WMAAx5z3.png)
The #FSB of Russia was attacked by #moobot #Botnet with #DDoS method #tcp_ack_flood Attack time: 2023-09-18 20:50:29(UTC+8) Target IP: 213[.24.76.23 Related domain names: - www[.fsb.ru - fsb[.gov.ru moobot C2: dd[.gaybooba.cc:55552
#moobot c2's found through @fofabot i am keeping the query for now ''secret''. Fofa has found over time 79 #moobot c2's. Through another query 42 unique ips observed that indicate moobot also.
Nice #MooBot botnet caught by @banthisguy9349 😂 Botnet C2 domain: 🔥 putin.zelenskyj .ru Pointing to: 45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪) DNS resolution provided by Cloudflare 🔎 Payload URLs: 🌐 urlhaus.abuse.ch/host/45.88.90.… Payload: 📄 bazaar.abuse.ch/sample/21f1caa…
the following ips still have not been taken down by PFCLOUD AS 51396 87.121.58.103:6666 #moobot c2 87.121.58.103:32105 #mirai c2 84.54.51.103:6666 #moobot c2 84.54.51.103:32105 #mirai c2 IOC: nekololis[.ovh 87.121.58.103 84.54.51.103 #nekobotnet
#moobot domain heleh[.]vn advertises their #botnet stresser.heleh[.]vn urlhaus.abuse.ch/host/proxy.hel… malware was observed for a very long time urlhaus.abuse.ch/host/103.174.7… t[.me/bolongyn github[.com/BoloNgyn G-mail: [email protected]
![banthisguy9349's tweet image. #moobot domain heleh[.]vn advertises their #botnet
stresser.heleh[.]vn
urlhaus.abuse.ch/host/proxy.hel… malware was observed for a very long time
urlhaus.abuse.ch/host/103.174.7…
t[.me/bolongyn
github[.com/BoloNgyn
G-mail: support@heleh.vn](https://pbs.twimg.com/media/GMo7ODUWAAABtl3.jpg)
![banthisguy9349's tweet image. #moobot domain heleh[.]vn advertises their #botnet
stresser.heleh[.]vn
urlhaus.abuse.ch/host/proxy.hel… malware was observed for a very long time
urlhaus.abuse.ch/host/103.174.7…
t[.me/bolongyn
github[.com/BoloNgyn
G-mail: support@heleh.vn](https://pbs.twimg.com/media/GMo71VlWUAALSZQ.jpg)
このスーツケース、、、、、無敵じゃないか!!🤡👍👍 #MOOBOT #VELO amzn.to/48kNcOq
\ますます旅行が楽しくなる😊/ #moobot から電動アシスト機能付き #スーツケース が登場🎊 自動アシスト機能で坂道も楽々♪ 360度回転の静音キャスターで移動も静かでスムーズ😍 ポリカーボネート素材で耐衝撃性も抜群👍 ぜひ店頭でお試しください💁 ➡️yodobashi.com/product/100000…
Two more active threats in March-April 2023 are #Batloader, a #malware dropper that downloads and executes other malware, and the #Moobot #botnet which can be used for distributed denial-of-service (DDoS) attacks. #cybersecurity #threatintelligence #ciso #IoT
The ip 103.172.79.74:43957 keeps being used as #moobot #c2 Although me with some other Security Researcher are able to retrack the new malware samples. Vietnamese language have been observed in one of the script files urlhaus.abuse.ch/host/103.172.7…
found through: 159.223.196.192 bot.layer4[.]bf botnet.layer4[.]bf hiyl7.hilariocolche[.]com found through: 103.172.79.74 bonet.networkbn[.]com Found through: 91.92.240.138 botnet.networkbotbet[.]top networkbotbet[.]top botnet.serveblog[.]net
![banthisguy9349's tweet image. found through: 159.223.196.192
bot.layer4[.]bf
botnet.layer4[.]bf
hiyl7.hilariocolche[.]com
found through: 103.172.79.74
bonet.networkbn[.]com
Found through: 91.92.240.138
botnet.networkbotbet[.]top
networkbotbet[.]top
botnet.serveblog[.]net](https://pbs.twimg.com/media/GG228a8XcAAdXul.jpg)
Whoever that was wondering what i've been up to... pastebin.com/s5wuqH8c #moobot #mirai #gafgyt #irc #botnet's #elf #malware
#new #moobot #domain found domain registrated with @Namecheap virustotal.com/gui/file/21b4a… IP Traffic TCP 103.14.226.21:43957 (c2) urlhaus.abuse.ch/host/103.14.22… sro3ga[.]net
![banthisguy9349's tweet image. #new #moobot #domain found domain registrated with @Namecheap
virustotal.com/gui/file/21b4a…
IP Traffic
TCP 103.14.226.21:43957 (c2) urlhaus.abuse.ch/host/103.14.22…
sro3ga[.]net](https://pbs.twimg.com/media/GM9Woq1W0AAJLBA.jpg)
Routers Under Attack: Protect Your Business from State-Sponsored Espionage! The Situation: 🔴Pawn Storm, the APT group, hacked hundreds of #SOHO routers using the "Moobot" malware. 1/5 #Moobot #Router #APT28 #PawnStorm #GRU #Malware #APT
#MOOBOT C2's IOC's: 5.59.248.206:56744 c2 urlhaus.abuse.ch/host/5.59.248.… 45.156.21.122:8967 c2 still active, malware urls down urlhaus.abuse.ch/host/45.156.21… 209.141.37.216:3074 c2 185.196.9.5:51237 c2 IOC's
電動アシストスーツケース届いた。アシスト機能のスピード調整ないなで、押されて転んだり引きずられそうなスピードなんやが、路上で荷物入れたらちょうど良くなるのかな…クラファンなので届いただけで100点。 #moobot
このスーツケース、、、、、無敵じゃないか!!🤡👍👍 #MOOBOT #VELO amzn.to/48kNcOq
Why don't cows have phones? Because they can't find the right "moobile" plan! 😂 Keep smiling, friends! Remember, laughter is the "moo-sic" of the soul! 🐄💫 #CowJokes #LaughMore #MooBot
Why did the cow become a detective? Because it heard moo-rmurs of a missing glass of milk! 🐮🥛 Remember, laughter is the cream of life! #CowJokes #MooBot
Why did the cow start a Twitter account? To moo-tivate others with udderly amazing puns! 🐄🤣 Got milk? More like, got laughs! #MooBot #MilkyJokes #CowMedy
Just got my cow-culator and did the math: laughter is the best medicine, and every day is a moo-tivation to share smiles! 🐮😂 #MooBot #MooMents #UdderlyHappy
#MooBot/Mirai variant trying to exploit CVE-2017-17215, you can tell from the TCP connections bazaar.abuse.ch/browse/tag/CVE… urlhaus.abuse.ch/browse/tag/CVE…
#MOOBOT C2's IOC's: 5.59.248.206:56744 c2 urlhaus.abuse.ch/host/5.59.248.… 45.156.21.122:8967 c2 still active, malware urls down urlhaus.abuse.ch/host/45.156.21… 209.141.37.216:3074 c2 185.196.9.5:51237 c2 IOC's
new #moobot #botnet #c2 spotted on 157.230.250.250:42597 with @digitalocean
#moobot c2's that are currently discovered through @censysio 45.128.232.90:43957 146.59.3.38:43957 103.116.52.207:42597 209.141.37.216:3074 82.197.68.240:43957 cc: @500mk500
Investigation suggest IPs are on loan to Chang Tiantang, Shui Hao, Shu Weijun, Peng Zhaoli, and Tang Weiming 🇨🇳 Recent reports by @abuse_ch @thehappydinoa and @malpulse show a pattern of increased #C2 hosting on 137.175.0[.]0/17 🤔 #XorDDoS #MooBot #CobaltStrike cc @raksmart
#new #moobot #domain found domain registrated with @Namecheap virustotal.com/gui/file/21b4a… IP Traffic TCP 103.14.226.21:43957 (c2) urlhaus.abuse.ch/host/103.14.22… sro3ga[.]net
@TrendMicroItaly @TrendMicro @TrendMicroRSRCH #Russia-linked #APT28 and crooks are still using the #Moobot #botnet securityaffairs.com/162706/apt/moo… #securityaffairs #hacking #malware
securityaffairs.com
Russia-linked APT28 and crooks are still using the Moobot botnet
The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations.
#moobot domain heleh[.]vn advertises their #botnet stresser.heleh[.]vn urlhaus.abuse.ch/host/proxy.hel… malware was observed for a very long time urlhaus.abuse.ch/host/103.174.7… t[.me/bolongyn github[.com/BoloNgyn G-mail: [email protected]
#moobot c2's found through @fofabot i am keeping the query for now ''secret''. Fofa has found over time 79 #moobot c2's. Through another query 42 unique ips observed that indicate moobot also.
@abuse_ch community has caught a 🐮#MooBot botnet! Payload delivery URLs, malware sample, and botnet C&C server details below 👇
Nice #MooBot botnet caught by @banthisguy9349 😂 Botnet C2 domain: 🔥 putin.zelenskyj .ru Pointing to: 45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪) DNS resolution provided by Cloudflare 🔎 Payload URLs: 🌐 urlhaus.abuse.ch/host/45.88.90.… Payload: 📄 bazaar.abuse.ch/sample/21f1caa…
@abuse_ch community has caught a 🐮#MooBot botnet - nice work @banthisguy9349! Payload delivery URLs, malware sample, and botnet C&C server details below 👇
Nice #MooBot botnet caught by @banthisguy9349 😂 Botnet C2 domain: 🔥 putin.zelenskyj .ru Pointing to: 45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪) DNS resolution provided by Cloudflare 🔎 Payload URLs: 🌐 urlhaus.abuse.ch/host/45.88.90.… Payload: 📄 bazaar.abuse.ch/sample/21f1caa…
abuse.ch community has caught a variant of #Mirai botnet known as #MooBot 🐮 infecting IoT devices around the world - find out more here ⬇️
Nice #MooBot botnet caught by @banthisguy9349 😂 Botnet C2 domain: 🔥 putin.zelenskyj .ru Pointing to: 45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪) DNS resolution provided by Cloudflare 🔎 Payload URLs: 🌐 urlhaus.abuse.ch/host/45.88.90.… Payload: 📄 bazaar.abuse.ch/sample/21f1caa…
Nice #MooBot botnet caught by @banthisguy9349 😂 Botnet C2 domain: 🔥 putin.zelenskyj .ru Pointing to: 45.88.90.30:43957 (AS203168 Constant MOULIN 🇧🇪) DNS resolution provided by Cloudflare 🔎 Payload URLs: 🌐 urlhaus.abuse.ch/host/45.88.90.… Payload: 📄 bazaar.abuse.ch/sample/21f1caa…
![MooMooBotDX's profile picture. [Version 1.01] An Official Cow Bot Created By @Tikaki_MooMoo](https://pbs.twimg.com/profile_images/600651839336353793/mWj58xse.jpg)
![MadCrossinEyes's profile picture. -It's full of Floweys out there...-
[semi cit. necessaria]](https://pbs.twimg.com/profile_images/1335040442950438917/vLmIYH-j.jpg)
#moobot c2 84.54.51.103:6666 87.121.58.103:6666 #mirai 84.54.51.103:32105 87.121.58.103:32105 IOC: nekololis[.]ovh Hosted on PFcloud[.]io Abuse reports are not being handled by pfcloud. hxxps://t.me/nekobotnet
![banthisguy9349's tweet image. #moobot c2
84.54.51.103:6666
87.121.58.103:6666
#mirai
84.54.51.103:32105
87.121.58.103:32105
IOC: nekololis[.]ovh
Hosted on PFcloud[.]io
Abuse reports are not being handled by pfcloud.
hxxps://t.me/nekobotnet](https://pbs.twimg.com/media/GH_E2NuXgAACyKN.png)
![banthisguy9349's tweet image. #moobot c2
84.54.51.103:6666
87.121.58.103:6666
#mirai
84.54.51.103:32105
87.121.58.103:32105
IOC: nekololis[.]ovh
Hosted on PFcloud[.]io
Abuse reports are not being handled by pfcloud.
hxxps://t.me/nekobotnet](https://pbs.twimg.com/media/GH_FCxIWEAA09mU.jpg)
![banthisguy9349's tweet image. #moobot c2
84.54.51.103:6666
87.121.58.103:6666
#mirai
84.54.51.103:32105
87.121.58.103:32105
IOC: nekololis[.]ovh
Hosted on PFcloud[.]io
Abuse reports are not being handled by pfcloud.
hxxps://t.me/nekobotnet](https://pbs.twimg.com/media/GH_FhOkWwAAZ9BJ.jpg)
Moobot Uses a Fake Vulnerability vulncheck.com/blog/moobot-us… #Pentesting #Moobot #Vulnerability #CyberSecurity #Infosec
#moobot #c2 on 42.96.2.220 Observed to use #mirai #malware hxxps://tria.ge/240211-gtq6gafe56 hxxps://www.virustotal.com/graph/http%3A%2F%2Fbotnet.networkbotbet.top%2F Redirect = fbi[.]gov hxxps://urlscan.io/result/f7c04df0-4fb1-419b-947d-cac124b69a0f/ found by @tolisec
![banthisguy9349's tweet image. #moobot #c2 on 42.96.2.220 Observed to use #mirai #malware
hxxps://tria.ge/240211-gtq6gafe56
hxxps://www.virustotal.com/graph/http%3A%2F%2Fbotnet.networkbotbet.top%2F
Redirect = fbi[.]gov
hxxps://urlscan.io/result/f7c04df0-4fb1-419b-947d-cac124b69a0f/
found by @tolisec](https://pbs.twimg.com/media/GGCuJqeWsAE9c_j.jpg)
![banthisguy9349's tweet image. #moobot #c2 on 42.96.2.220 Observed to use #mirai #malware
hxxps://tria.ge/240211-gtq6gafe56
hxxps://www.virustotal.com/graph/http%3A%2F%2Fbotnet.networkbotbet.top%2F
Redirect = fbi[.]gov
hxxps://urlscan.io/result/f7c04df0-4fb1-419b-947d-cac124b69a0f/
found by @tolisec](https://pbs.twimg.com/media/GGCukcQWEAAuS6q.png)
The stream was amazing I had so much time talking about bots #streamelements #moobot #streamlabs etc… Thank you ! . . . . . #nataliagrand #supportsmallstreams #gaming #gamers #streamer #twitchgamer #chat #gamergirl #youtube #supportsmallstreamers #twitchgirls
Why @MoobotApp "Files" doesn't work? I'm trying open Files and I never get it. I can't configure it!Anyone help me? #moobot #moobotassistant
getting there with #moobot, just need to figure out how to giveaway this MISC Reliant tonight #StarCitizen #Twitch
🚨🍯 CVE-2023-1389: Unauthenticated Command Injection on TP-Link Archer AX21 leads to #MooBot (Mirai DDoS variant). Attacker: 172.104.228.72 🇩🇪 Path: POST /cgi-bin/luci/;stok=/locale?form=country Payload: hxxp://91.92.249.96/condi/bot.x86_64 C2: 91.92.249.96 [+]…
TP-Link routers. http.favicon.hash:-1028703177 shodan.io/search/report?…
shodan.io
Shodan Search
113,226 results found for search query: http.favicon.hash:-1028703177
Something went wrong.
Something went wrong.
United States Trends
- 1. #UFC322 183K posts
- 2. Islam 287K posts
- 3. Morales 38.6K posts
- 4. Valentina 16.3K posts
- 5. Prates 36.6K posts
- 6. Sark 6,175 posts
- 7. Ilia 7,559 posts
- 8. Khabib 12.3K posts
- 9. Kirby 18.5K posts
- 10. Georgia 90K posts
- 11. Dagestan 2,871 posts
- 12. Dillon Danis 13.3K posts
- 13. Zhang 27.1K posts
- 14. Ole Miss 12.6K posts
- 15. #GoDawgs 9,857 posts
- 16. Leon 74.4K posts
- 17. LING BA TAO HEUNG 365K posts
- 18. #LingTaoHeungAnniversary 369K posts
- 19. Usman 10.4K posts
- 20. Tanner Wall N/A