Networking & Computer Hacks, Android phone apps & Games

Friday 8 December 2017

CERT-In MALWARE THREAT EXCHANGE (CMTX-P00832017) Mirai IOT botnet IOC's Blocklist

The information and security advisory below was shared by CERT-In (Government of India) as part of its regular updates.
The IoT botnet Mirai, which primarily targets online consumer devices such as IP cameras and home routers, is reported to be surging.
Domain IOCs:
    godnet[.]godnigga[.]eu
    nexusaquariums[.]ir
    miraibotnet[.]cf
    power4you[.]ddns[.]net
    serversrus[.]club
    santasbigcandycane[.]cx
    network[.]bigbotpein[.]com
    proxy[.]bigbotpein[.]com
    cnc[.]smokemethallday[.]tk
    report[.]smokemethallday[.]tk
    misaboatnet[.]pw
    snicker[.]ir
    dopeassnet[.]tk
    scan[.]snowondex[.]org
    back[.]uu8889[.]com
    rpt[.]uu8889[.]com
    165[.]227[.]220[.]202
    thonder[.]club
    flapik[.]pro
    blueandsausesfries[.]us
    smithre[.]top
    bursts[.]pro
    nnn[.]shenron[.]pw
    rrr[.]shenron[.]pw
    zetastress[.]net
    scan[.]snowondex[.]net


Recommendations:
1) Run updates and contact manufacturers to confirm devices are patched with the latest software and firmware.
2) Review IoT devices [home Internet routers, DVRs, IP cameras] to ensure they support the latest security protocols and standards, and disable older insecure protocols. (Check the vendor's website for updates & patches.)
3) Change the default OEM credentials and ensure that passwords meet the minimum complexity.
4) Disable Universal Plug and Play (UPnP) unless absolutely necessary. Implement account lockout policies to reduce the risk of brute-forcing attacks.
5) Telnet and SSH should be disabled on the device if there is no requirement for remote management.
6) Configure VPN and SSH to access the device if remote access is required.
7) Configure certificate-based authentication for the telnet client for remote management of devices.
8) Implement Egress and Ingress filtering at router level.
9) Unnecessary port and services should be stopped and closed.
10) Logging must be enabled on the device to log all the activities.
11) Enable and monitor perimeter device logs to detect scan attempts towards critical devices/systems.
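The indicator list above is defanged (every "." is written as "[.]") so that it cannot be clicked or resolved by accident, and recommendations 10 and 11 ask for device and perimeter logs to be checked for contact with these indicators. The following script is an added example, not part of the CERT-In advisory or this blog: it refangs the advisory's indicators, separates the one IP address from the domain names, scans log lines for matches (exact name, subdomain of an indicator, or the IP appearing anywhere in the line), and renders a hosts-file style sinkhole list. The log lines are constructed for the example (BIND-style query-log entries and one iptables-style line); the log formats, the `0.0.0.0` sinkhole address and all helper names are assumptions.

```python
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Indicators copied from the advisory above, still defanged ("[.]" instead of ".").
ADVISORY_IOCS = """
godnet[.]godnigga[.]eu
nexusaquariums[.]ir
miraibotnet[.]cf
power4you[.]ddns[.]net
serversrus[.]club
santasbigcandycane[.]cx
network[.]bigbotpein[.]com
proxy[.]bigbotpein[.]com
cnc[.]smokemethallday[.]tk
report[.]smokemethallday[.]tk
misaboatnet[.]pw
snicker[.]ir
dopeassnet[.]tk
scan[.]snowondex[.]org
back[.]uu8889[.]com
rpt[.]uu8889[.]com
165[.]227[.]220[.]202
thonder[.]club
flapik[.]pro
blueandsausesfries[.]us
smithre[.]top
bursts[.]pro
nnn[.]shenron[.]pw
rrr[.]shenron[.]pw
zetastress[.]net
scan[.]snowondex[.]net
"""

# Constructed sample log (assumed formats): four BIND-style query lines, one iptables-style line.
SAMPLE_LOG = """\
08-Dec-2017 10:15:01.123 client 192.168.1.20#51324: query: cnc.smokemethallday.tk IN A + (192.168.1.1)
08-Dec-2017 10:15:02.456 client 192.168.1.21#40001: query: www.example.com IN A + (192.168.1.1)
08-Dec-2017 10:15:03.789 client 192.168.1.22#40002: query: update.thonder.club IN A + (192.168.1.1)
08-Dec-2017 10:15:04.001 client 192.168.1.23#40003: query: example.org IN A + (192.168.1.1)
08-Dec-2017 10:15:05.222 kernel: OUT=eth0 SRC=192.168.1.24 DST=165.227.220.202 PROTO=TCP DPT=23
"""

QNAME_RE = re.compile(r"query: (\S+) IN ")          # queried name in a BIND query-log line
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # any dotted quad in a line


def refang(ioc: str) -> str:
    """Undo the '[.]' defanging and normalise case and trailing dots."""
    return ioc.strip().lower().replace("[.]", ".").rstrip(".")


def parse_iocs(text: str) -> Dict[str, Set[str]]:
    """Split refanged indicators into IP addresses and domain names."""
    domains: Set[str] = set()
    ips: Set[str] = set()
    for raw in text.splitlines():
        ioc = refang(raw)
        if not ioc:
            continue
        try:
            ips.add(str(ipaddress.ip_address(ioc)))  # parses -> it is an IP
        except ValueError:
            domains.add(ioc)                         # otherwise treat as a hostname
    return {"domains": domains, "ips": ips}


def match_domain(qname: str, domains: Set[str]) -> str:
    """Return the indicator that qname equals or is a subdomain of, else ''."""
    qname = qname.lower().rstrip(".")
    for d in domains:
        if qname == d or qname.endswith("." + d):
            return d
    return ""


def scan_log(lines: List[str], iocs: Dict[str, Set[str]]) -> List[Tuple[int, str, str]]:
    """Return (line_number, observed_value, matched_indicator) for every hit."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, start=1):
        m = QNAME_RE.search(line)
        if m:
            d = match_domain(m.group(1), iocs["domains"])
            if d:
                hits.append((n, m.group(1), d))
        for ip in IPV4_RE.findall(line):          # catches the IP IOC in firewall lines too
            if ip in iocs["ips"]:
                hits.append((n, ip, ip))
    return hits


def hosts_sinkhole(domains: Set[str]) -> str:
    """Render a hosts-file style sinkhole list: one '0.0.0.0 name' line per domain."""
    return "\n".join(f"0.0.0.0 {d}" for d in sorted(domains)) + "\n"


if __name__ == "__main__":
    iocs = parse_iocs(ADVISORY_IOCS)
    print(f"{len(iocs['domains'])} domains, {len(iocs['ips'])} IPs loaded")
    for n, seen, indicator in scan_log(SAMPLE_LOG.splitlines(), iocs):
        print(f"line {n}: {seen} matches indicator {indicator}")
```

Matching on subdomains is a deliberate choice: an indicator such as thonder[.]club should also flag a lookup of update.thonder.club. The trade-off is that an indicator which is itself a hostname under a shared dynamic-DNS parent (power4you[.]ddns[.]net here) only matches that exact host and its children, never the whole provider, which is the behaviour you want.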

Note: For protection against the latest threats and vulnerabilities, users may visit the CERT-In website: www.cert-in.org.in. Alerts on the latest malware are published under the VIRUS ALERTS section.



