Pulse Detail — Threat Intelligence

PULSE NAME

Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally

WHITE CyberHunter_NL 2025-02-28 Modified: 2025-03-30

IOCs

HIGH VOLUME

A new variant of the Vo1d botnet is taking control of 1.6 million Android TV devices worldwide, according to a new report by cybersecurity researchers XLab and its artificial intelligence unit.

dga en android backdoor botnet vo1d vo1d botnet january february china below redirector c2 dga algorithm codomain system xxtea key downloader impact twitter fraud drop python dexloader test leave virustotal bigpanzi mirai dex

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1059 T1040 T1566 T1552 T1036 T1095 T1195 T1495 T1090 T1102 T1140 T1568

MALWARE FAMILIES

Bigpanzi Mirai DEX Vo1d

Indicators of Compromise (15 / 88 total)

All FileHash-MD5 FileHash-SHA1 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://adstat.ziyemy.shop:3389	—	2025-02-28
URL	http://csskkjw.com/s3/b7027626	—	2025-02-28
URL	http://dcsdk.100ulife.com/reportcompbin	—	2025-02-28
URL	http://dcsdk.100ulife.com/sdkbin	—	2025-02-28
URL	http://dcsdkos.dc16888888.com/reportcompbin	—	2025-02-28
URL	http://dcsdkos.dc16888888.com/sdkbin	—	2025-02-28
URL	http://jaguar-distributor.syslogcollector.com:12000/v1/agent/ctrl	—	2025-02-28
URL	http://ssl87362.com:9999	—	2025-02-28
URL	http://task.moyu88.xyz/cpc/api/proxy/origin	—	2025-02-28
URL	http://task.moyu88.xyz/cpc/api/task	—	2025-02-28
URL	http://task.moyu88.xyz/cpc/api/xml?productId=0	—	2025-02-28
URL	https://dcsdk.100ulife.com/reportcompbin	—	2025-02-28
URL	https://dcsdk.100ulife.com/sdkbin	—	2025-02-28
URL	https://dcsdkos.dc16888888.com/reportcompbin	—	2025-02-28
URL	https://dcsdkos.dc16888888.com/sdkbin	—	2025-02-28

References (1)

↗ https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/