New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits

This article explores the recent campaign of Murdoc_Botnet, a malware variant of Mirai targeting vulnerable AVTECH and Huawei devices. The Qualys Threat Research team discovered this ongoing campaign in July 2024.

The Qualys Threat Research Unit has discovered a live campaign for the Mirai botnet, which began in July 2024 and deploys a new botnet called Murdoc_Botnet. It is a large-scale operation within the Mirai campaign, exploiting vulnerabilities targeting AVTECH Cameras and Huawei HG532 routers. 

The attackers utilized ELF and shell script execution to deploy the Murdoc_Botnet botnet sample. This technique leverages existing vulnerabilities (CVE-2024-7029, CVE-2017-17215) to download the next-stage payloads. The research began with the discovery and analysis of Murdoc_Botnet binaries used for DDOS activities. Using Qualys EDR, threat intelligence data, and open-source intelligence (OSINT), the researchers were able to attribute Murdoc_Botnet as a Mirai variant.

The researchers discovered around 1300+ active IPs and 100+ distinct servers, each tasked ...