Since September, several new variants of the Mirai botnet have been found to be active. NSFOCUS researchers published technical details on three of them that caught their attention: hailBot, kiraiBot, and catDDoS. hailBot, whose name is derived from the string “hail china mainland,” was first identified around the close of the previous year. It supports four TCP- and UDP-based DDoS attack techniques.
It spreads through brute-force attacks or by exploiting an old vulnerability in the Huawei HG532 router (CVE-2017-17215). In some instances, bait files named “INVOICE.xlsx,” “Product_requetslist.xlsx,” or “CIF WMS REF NO 451RFQ ARN-DT-2021-06-29.xlsx” were seen being used to spread the vulnerability’s exploit.