TTPwire Vol. 1 · MITRE ATT&CK·Tagged


The Hacker News

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

The Hacker News · 2 hours ago

ATT&CK techniques detected (9 predictions)

Technique   Name                               Confidence   Evidence excerpt
T1584.005   Botnet                             79%          [1]
T1584.005   Botnet                             77%          [2]
T1584.005   Botnet                             51%          [3]
T1498       Network Denial of Service          51%          [2]
T1498.001   Direct Network Flood               45%          [1]
T1496       Resource Hijacking                 43%          [4]
T1583.005   Botnet                             41%          [3]
T1195.003   Compromise Hardware Supply Chain   41%          [5]
T1498.001   Direct Network Flood               39%          [2]

Evidence excerpts:

[1] “Mirai-based xlabs_v1 botnet exploits ADB to hijack IoT devices for DDoS attacks. Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them …”

[2] “… is more sophisticated than the typical script-kiddie Mirai fork [...], but less sophisticated than the top tier of commercial DDoS-for-hire operations," Hunt.io said. "This operator is competing on price and attack variety, not technical sophistication. Consumer IoT dev…”

[3] “…, set-top boxes, smart TVs, and IoT-grade ARM hardware that ships with ADB enabled." There is evidence indicating that the DDoS-for-hire service features bandwidth-tiered pricing. This assessment is based on the presence of a bandwidth-profiling routine that collects …”

[4] “… .io said. "This design suggests the operator views bandwidth probing as an infrequent fleet-tier-update operation rather than a per-attack pre-flight check, and the resulting exit-and-re-infect cycle is the design intent." xlabs_v1 also features a "killer" su…”

[5] “… out Android devices running an exposed ADB service on TCP port 5555, meaning any gear that comes with the tool enabled by default, such as Android TV boxes, set-top boxes, smart TVs, could be a potential target. Besides an Android APK ("boot.apk"), the malware supports multi…”

Summary

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted