MOZI BOTNET
9/29/2020
A new malware family called Mozi brings together code from several known malware families (Gafgyt, Mirai and IoT Reaper) to form a peer-to-peer (P2P) botnet capable of DDoS attacks, data exfiltration, and command or payload execution.
OVERVIEW
- Mozi, a peer-to-peer (P2P) botnet, has been active since late 2019 and targets Internet of Things (IoT) devices.
- Mozi is based on the distributed sloppy hash table (DSHT) protocol and targets IoT devices, predominantly routers and DVRs that are either unpatched or have weak telnet passwords.
- Mozi compromises devices via command injection (CMDi) attacks and by taking advantage of IoT device misconfigurations and weak telnet passwords.
- It has four major capabilities:
  - Conduct DDoS attacks (HTTP, TCP, UDP)
  - Execute commands on the infected device
  - Download a malicious payload from a specified URL and execute it
  - Gather bot information
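A defender-side detection sketch, added here and not part of the original bulletin: it assumes Mozi's DSHT traffic is carried as bencoded KRPC queries in the style of the BitTorrent DHT (an assumption, not stated above) and flags hosts in an IoT segment that emit such queries, since routers and DVRs normally have no reason to speak DHT. The traffic samples are constructed for illustration.

```python
# Added example, not code from the bulletin or from Mozi itself.
# Assumption: DSHT messages are bencoded KRPC dictionaries (BitTorrent DHT style).
# Sample UDP payloads below are constructed, not captured traffic.

def bdecode(data: bytes, pos: int = 0):
    """Minimal bencode decoder; returns (value, position after the value)."""
    c = data[pos:pos + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        pos, items = pos + 1, []
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            items.append(item)
        return items, pos + 1
    if c == b"d":                                   # dict: d<key><value>...e
        pos, d = pos + 1, {}
        while data[pos:pos + 1] != b"e":
            key, pos = bdecode(data, pos)
            d[key], pos = bdecode(data, pos)
        return d, pos + 1
    colon = data.index(b":", pos)                   # byte string: <len>:<bytes>
    length = int(data[pos:colon])
    start = colon + 1
    return data[start:start + length], start + length

def is_dht_query(payload: bytes) -> bool:
    """True if the whole payload parses as a KRPC query: dict with y=q, q and t keys."""
    try:
        msg, end = bdecode(payload)
    except (ValueError, IndexError):
        return False
    return (end == len(payload) and isinstance(msg, dict)
            and msg.get(b"y") == b"q" and b"q" in msg and b"t" in msg)

def flag_iot_dht(records):
    """records: iterable of (src_ip, udp_payload). Returns IoT hosts emitting DHT queries."""
    return sorted({ip for ip, payload in records if is_dht_query(payload)})

# Constructed samples: a DHT find_node query from a DVR, and an unrelated binary blob.
SAMPLE_TRAFFIC = [
    ("10.0.0.7", b"d1:ad2:id20:" + b"A" * 20 + b"6:target20:" + b"B" * 20
                 + b"e1:q9:find_node1:t2:aa1:y1:qe"),
    ("10.0.0.9", b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
]

if __name__ == "__main__":
    print("hosts emitting DHT queries:", flag_iot_dht(SAMPLE_TRAFFIC))
```

In practice the records would come from a flow or packet capture of the IoT VLAN; any flagged host warrants a check for unexpected processes, altered telnet credentials and outbound connections.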
