
What did Botmon system find on the unique malware


On October 27, 2021, the Botmon system detected an attacker using CVE-2017-6079 to attack Edgewater Networks’ devices with a relatively unique mount file system command in its payload, which drew the researchers’ attention.

After further investigation, it was confirmed that this was a brand new botnet, which was named EwDoor because it targets Edgewater devices and has a backdoor feature.


The initial version of EwDoor used a multi-C2 redundancy technique, and the second C2 domain, iunno.se, was registered in order to estimate the botnet's size.

Unfortunately, after having trouble with its main C2 network, EwDoor altered its communication paradigm, employing BT trackers to downlink its C2s, and sight of EwDoor was then lost.

However, this brief observation confirmed that the attacked devices, including all 5.7k active victims seen during that period, were AT&T’s EdgeMarc Enterprise Session Border Controllers.

EwDoor has gone through three versions of updates so far, and its major functions can be divided into two categories: DDoS attacks and backdoor.

It is assumed that the main goal of the attack is DDoS attacks and the collection of sensitive information, such as call records, because the attacked equipment is telephone communication related.


Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
