DirtyMoe is a Windows botnet that has infected over 100,000 Windows systems in the first half of 2021, compared with 10,000 infected systems in all of 2020. Researchers from Avast warn about the spike in activity of the botnet, which is also known as PurpleFox, Perkiler, and NuggetPhantom, and describe a new infection vector.

DirtyMoe is a multi-purpose, complex Windows malware that has been active since 2017. It was mainly used for mining cryptocurrency in 2017 and as part of DDoS attacks in 2018. Its operators distribute the DirtyMoe rootkit via malspam campaigns. They also trick users into visiting a malicious site that hosts the PurpleFox exploit kit, which attackers use to exploit CVE-2020-0674, a scripting engine memory corruption vulnerability in Internet Explorer.

Since 2020, the malware has been considerably upgraded by its authors. For example, DirtyMoe added a worm module for spreading to other Windows systems via the Internet.

“Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise,” reads the analysis published by Avast.

DirtyMoe's worm-like module has been detected in remote attacks against Windows systems, performing brute-force attacks against SMB credentials.

Researchers note a spike in the bot's activity. “The increase of incidences has been higher in orders of magnitude this year,” they said in the report.

Most of the hits were in Russia, followed by Ukraine, Vietnam, and Brazil. Experts noted that this data only pertains to systems that run Avast's antivirus solution, so the number of victims is likely far greater.

The majority of the C&C servers used in the attacks are located inside China. This indicates that the threat actors behind the campaign are well-organized and working on a global scale.

“The malware implements many self-defense and hiding techniques applied on local, network, and kernel layers. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. Therefore, blocking of C&C servers is not an easy task since C&C addresses are different each time and they are not hard-coded,” continues the analysis. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

Avast released detailed information about this botnet's attacks, including indicators of compromise (IOCs).
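The SMB brute-force vector described above leaves a very recognisable trace on the target: a burst of failed network logons (Windows Security Event ID 4625, LogonType 3) from a single source address against several account names, sometimes followed by a successful network logon (Event ID 4624) from the same source. The following detector is an added example, not code from Avast or from the DirtyMoe analysis; the event records are constructed sample data in a simplified JSON-lines form, and the five-minute window and five-failure threshold are assumed tuning values a defender would adjust to their environment.

```python
"""Flag SMB password brute forcing from Windows Security log events.

Added example (not from the Avast report). Input is constructed: one JSON
object per line modelled on Event ID 4625 (failed logon) and 4624 (successful
logon) with the fields a SIEM would normally extract. LogonType 3 is a network
logon, which is what SMB authentication produces.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Constructed sample log (hypothetical addresses from the documentation
# ranges): 203.0.113.7 tries six passwords against five accounts in six
# seconds and then logs in as "administrator"; 192.0.2.15 fails twice,
# half an hour apart (benign); "alice" mistypes a password interactively.
SAMPLE_LOG = """\
{"time": "2021-06-17T10:00:01", "event_id": 4625, "logon_type": 3, "user": "administrator", "src_ip": "203.0.113.7"}
{"time": "2021-06-17T10:00:02", "event_id": 4625, "logon_type": 3, "user": "admin", "src_ip": "203.0.113.7"}
{"time": "2021-06-17T10:00:03", "event_id": 4625, "logon_type": 3, "user": "guest", "src_ip": "203.0.113.7"}
{"time": "2021-06-17T10:00:04", "event_id": 4625, "logon_type": 3, "user": "backup", "src_ip": "203.0.113.7"}
{"time": "2021-06-17T10:00:05", "event_id": 4625, "logon_type": 3, "user": "administrator", "src_ip": "203.0.113.7"}
{"time": "2021-06-17T10:00:06", "event_id": 4625, "logon_type": 3, "user": "sqlsvc", "src_ip": "203.0.113.7"}
{"time": "2021-06-17T10:00:07", "event_id": 4624, "logon_type": 3, "user": "administrator", "src_ip": "203.0.113.7"}
{"time": "2021-06-17T10:01:00", "event_id": 4625, "logon_type": 2, "user": "alice", "src_ip": "-"}
{"time": "2021-06-17T10:02:00", "event_id": 4625, "logon_type": 3, "user": "bob", "src_ip": "192.0.2.15"}
{"time": "2021-06-17T10:30:00", "event_id": 4625, "logon_type": 3, "user": "carol", "src_ip": "192.0.2.15"}
"""


def parse_events(text):
    """Parse JSON-lines event records, converting the timestamp to datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        events.append(rec)
    return events


def find_bruteforce(events, window_minutes=5, threshold=5):
    """Return {src_ip: details} for sources that produced at least `threshold`
    failed network logons inside any `window_minutes` window. Details include
    the account names tried and any account that later logged in successfully
    from the same source, which is the case that needs immediate response."""
    failed, successes = defaultdict(list), defaultdict(list)
    for e in events:
        # Only network logons with a usable remote address are SMB-relevant;
        # interactive typos (logon_type 2, src_ip "-") are skipped.
        if e["logon_type"] != 3 or e["src_ip"] in ("-", ""):
            continue
        if e["event_id"] == 4625:
            failed[e["src_ip"]].append(e)
        elif e["event_id"] == 4624:
            successes[e["src_ip"]].append(e)

    window = timedelta(minutes=window_minutes)
    alerts = {}
    for ip, evs in failed.items():
        evs.sort(key=lambda e: e["time"])
        # Sliding window over the sorted failures: densest burst per source.
        best, start = 0, 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < threshold:
            continue
        first_fail = evs[0]["time"]
        later_success = [s for s in successes.get(ip, []) if s["time"] > first_fail]
        alerts[ip] = {
            "max_failures_in_window": best,
            "usernames": sorted({e["user"] for e in evs}),
            "compromised_accounts": sorted({s["user"] for s in later_success}),
        }
    return alerts


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

Counting per source rather than per account is deliberate: a spraying worm rotates account names, so a per-account lockout threshold never trips. The "compromised_accounts" field is the triage key; a flagged source with a later successful network logon should be treated as an infected host rather than a mere scan.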