Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally
WHITE Vo1d AlienVault 2025-02-28 Modified: 2025-03-30
The Vo1d botnet has infected 1.6 million Android TV devices across 200+ countries, posing a significant cybersecurity threat. This new variant demonstrates enhanced stealth and resilience, utilizing RSA encryption, DGA-based infrastructure, and a modified XXTEA algorithm. The botnet's scale and capabilities surpass previous major attacks, potentially enabling devastating DDoS attacks or unauthorized content broadcasting. Analysis reveals a sophisticated multi-component system including downloaders, backdoors, and modular malware for proxy services and ad fraud. The botnet's rapid growth and evasion techniques highlight the urgent need for improved security measures in smart TV devices and set-top boxes.
Indicators of Compromise (51)