← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices
Water Barghest, a cybercriminal group, has developed a highly automated system for exploiting and monetizing IoT devices. Their botnet, comprising over 20,000 devices as of October 2024, uses automated scripts to identify and compromise vulnerable IoT devices from public internet scan databases. Once compromised, the Ngioweb malware is deployed, running in memory and connecting to command-and-control servers. The entire process, from initial infection to listing the device on a residential proxy marketplace, can take as little as 10 minutes. Water Barghest targets various IoT devices from brands like Cisco, DrayTek, and Zyxel, using both n-day vulnerabilities and at least one zero-day exploit. Their sophisticated operation has allowed them to maintain a low profile while generating steady income through their cybercriminal activities.
MITRE ATT&CK & Malware Families
Indicators of Compromise (15 / 97 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 053b4e35af82776cc84f1e997d13e874 | MD5 of 9cb6c49173e4cb5a0b3c2f6d69a5bdc0bc67138329f00afaf38d678f2c0e00a6 | 2024-11-18 | |
| FileHash-MD5 | 25c1373db67c8c5addf80d57f8f23815 | MD5 of 5353228926aa96b546b33de4418f15e347441d16d292f4946beca6a0d314e635 | 2024-11-18 | |
| FileHash-MD5 | 2a8ef3975395c3358889a723ea03741a | MD5 of 9fda16ad1d32f34c221d0e074a4ef13217eded63b5ff507452c4e2bbb57df3a4 | 2024-11-18 | |
| FileHash-MD5 | 33d2ae1f5cee2a033be5bb8447296816 | MD5 of a8f7eaf999eb6cc8461f785fad13da30315da80b534cae047c5811bbea3351e3 | 2024-11-18 | |
| FileHash-MD5 | 39ebbdbfb0e8543ba04df5cc7d69327f | MD5 of 2e940e3bd88226cfbbfb7a2eefbdd675173fd2950847a9131e11c1682353e286 | 2024-11-18 | |
| FileHash-MD5 | 4b0e1773a743509505cba6846950bde0 | MD5 of 129693d8c474a8de8f91e1d16e0129732aba20bea9ac24e7c68b345b7b05ad6f | 2024-11-18 | |
| FileHash-MD5 | 5584380ce95f7f96186be99cf408e07b | MD5 of 869965781d96a06741c2a28c54bb8e3233bc10fcb92455e6cb9ab0c9fc2c54d4 | 2024-11-18 | |
| FileHash-MD5 | 64708f9beb8cadcf3caa5f767590d83b | MD5 of b9360f1434ce7ff45b3ca49ff7269293188a339747b03bcd395b71b1d179700f | 2024-11-18 | |
| FileHash-MD5 | 6b1cafa1fb4d72ea37f0dcde4143a7a1 | MD5 of 05cd00f975bd2522d943e836ef5a1cb00806c6d684987274da850be348b2b1f4 | 2024-11-18 | |
| FileHash-MD5 | 8983d7ef13904aa6f7cdbc08f143a70a | MD5 of 9fb33a16762dce934e7a48946e396ad672ab16d42a060021238f2ddf6a9f0514 | 2024-11-18 | |
| FileHash-MD5 | 8e817c5998b15f5127b2189e486e1c7c | MD5 of be285b77211d1a33b7ae1665623a9526f58219e20a685b6548bc2d8e857b6b44 | 2024-11-18 | |
| FileHash-MD5 | 9c38019e7a78e4d42228bc3aedc87441 | MD5 of e3344c598a984dc5dc8dc1d971da8dd9b7058c48288dc5ad063548fff61543a1 | 2024-11-18 | |
| FileHash-MD5 | b5cde533fce5867099b2d23d19817acd | MD5 of a79ff2cd7f47b11d9176c40f0e82ba9b378c463ff9dd6e3e907df9480c7a1547 | 2024-11-18 | |
| FileHash-MD5 | c623440a590fe1cdad46a1e16baf6bc0 | MD5 of b8385ce60ca6c69b7ea67fa93c7d5908809658e7d8a4fb9e003890b820979f53 | 2024-11-18 | |
| FileHash-MD5 | d38cf622452526188998d4239abd6301 | MD5 of 78a1b5bea50034e7a03e6ed5c0f4f80f1fbc770555891a73790e1b59a2fba608 | 2024-11-18 |