New Aquabot Variant Targeting Mitel SIP Phones

216.73.217.98

New Aquabot Variant Targeting Mitel SIP Phones

· Published 29/01/2025 12:20 · Modified 29/01/2025 13:04

Essential information

Published: 29/01/2025 12:20
Modified: 29/01/2025 13:04
Tags: 2025-01-29 CVE-2018-10561 CVE-2018-10562 CVE-2018-17532 CVE-2022-31137 CVE-2023-26801 CVE-2024-41710 aquabot aquabotv3 botnet ddos iot mirai
Related entities: 45 observables, 1 intrusion sets (apt), 16 techniques (mitre), 1 malware

Description

A new variant of the Mirai-based malware, Aquabot, dubbed Aquabotv3, is actively exploiting Mitel SIP phones through CVE-2024-41710. This variant introduces a novel feature for Mirai-based botnets: reporting back to the command and control server when kill signals are caught on infected devices. The malware spreads through various vulnerabilities, including Hadoop YARN, and targets IoT devices. It's being advertised as a DDoS-as-a-service on platforms like Telegram. The botnet's unique signal handling could be used to observe defensive activities or detect disruptions from competing botnets.

External references

https://otx.alienvault.com/pulse/679a1d27e031cf6d34f669e5