IoT

Notes From The Lab: Sudden Increase of Traffic to Port 445

Notes From The Lab: Sudden Increase of Traffic to Port 445

Today @VessOnSecurity tweeted that they have seen an increase on the number of SMB attacks in their honeypot (See Figure 1). We checked our telemetry and indeed we saw an increase on the incoming traffic to our honeypots on port 445. We will describe in this blog post the observations from our telemetry.

IoT Malware Analysis Series. An IoT malware dropper with custom C&C channel exploiting HNAP

IoT Malware Analysis Series. An IoT malware dropper with custom C&C channel exploiting HNAP

On February 28th, 2019 we infected one of our devices with the malware sample that most AV detect as Mirai. However, it was a bash script downloader that obtains and exacute an ARM ELF binary to attack others using the HNAP vulnerability in order to infect new bots.