← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Inside Morte Loader: How Loader as a Service Builds Modern Botnets
Morte is a Loader as a Service (LaaS) designed to exploit vulnerable Small Office/Home Office (SOHO) routers, IoT devices, and web applications, effectively transforming these often-overlooked assets into a multifaceted botnet platform. Rather than deploying a specific malware strain, Morte provides a versatile loader that can be rented by cybercriminals to deliver various payloads such as Mirai, RondoDoX, cryptominers, or backdoors, adapting its approach based on the value associated with each compromised device.
The initial access process employs various techniques, including leveraging known CVEs, exploiting default credentials, and conducting brute force attacks against the web management panels of devices. This initial compromise is facilitated by a small shell bootstrap script that fingerprints the device's characteristics, subsequently downloading the appropriate Morte binary compatible with its CPU architecture.
MITRE ATT&CK & Malware Families
Indicators of Compromise (24 / 81 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-SHA1 | 4dd819aa69467c9cdbacf5338fb27424d6dfa54d | SHA1 of 16ba16bf6f0d4de4341bf38820777755012f008554f5e482b88cd4a85e97eb8b | 2025-12-01 | |
| FileHash-SHA1 | 943323643f4a021e8cee88d7b272a34a8b93a81e | SHA1 of fe9608ecb6c6f60cce0eef72f1aedf2946b08b38ac5259f703b220abb644ea33 | 2025-12-01 | |
| FileHash-SHA1 | f763e88370073bf0fdc57b7e2b237600e6aed753 | SHA1 of b8e0f37a4b4647f17da3fa0b9fec59858517be7a410b220f3892864a05d6abb9 | 2025-12-01 | |
| FileHash-SHA1 | 3f43f6ba577f301e0254119c2a798b5800871710 | SHA1 of d6b4631589c6c68093f7d1efe718696be4c7b48684c47c515b4845ea6111a3b7 | 2025-12-01 | |
| FileHash-SHA1 | 5ed09f895d9b120dbdef0a5e0e1a75fb4ad76c8d | SHA1 of 9b25b603427438fe93e5a6851c94cf877f4279dd093882c8e02189aa195d9d31 | 2025-12-01 | |
| FileHash-SHA1 | 6171aafcf35d561ad9187e32ad70d7a26141c40d | SHA1 of c2a281ca005af49c10f80f10ce0d2b874015e794bf023e78111206cd68f5f183 | 2025-12-01 | |
| FileHash-SHA1 | a874100187ea57278aae5e504c4a38536e94c134 | SHA1 of 54f074f9741c2480533ce774637dae79d011ba9bc616e1215ad9ddf488e162f6 | 2025-12-01 | |
| FileHash-SHA1 | c17bcc1246d7e4e66eda1de89827622a4f6b5cc8 | SHA1 of 3bf970fac214de8ac4440e7ea7938d15dfe9db8c3a63807e58a74a6510aa05f3 | 2025-12-01 | |
| FileHash-SHA1 | ddc4ab7285b8610d282554fdcf229179e43dad64 | SHA1 of 9ee5066a1854ee15278b55e0a4cf9c58c2446f0f4599d1de85202c2341026bbb | 2025-12-01 | |
| FileHash-SHA1 | e2c940d75b43cb208ac03c0844455d8baf4086dc | SHA1 of 7df91ed3adb982a228a860e2e68a504e42b6a092b16889b14abd09702257fea6 | 2025-12-01 | |
| FileHash-SHA1 | 11615ead76a97973b2183c7b992aaf13bdd8f67e | SHA1 of 8a2880ab70300e517b82d6aebb562ea7c0d6b9c1214484a59d6c2a186d77ffc7 | 2025-12-01 | |
| FileHash-SHA1 | 363a52a9fbbd4f6053e095c2b69c01ba8d89173a | SHA1 of 6d7f5dcbbdda3ae9840e08937f02daa2a7f1546777684c4336b10a1fe31ca50c | 2025-12-01 | |
| FileHash-SHA1 | 959eedc3832e8439f76bb7623fb7caba0de853ca | SHA1 of 3f8dea0daa29a990427b45142d285b3f587dee4955255b0c16f88181d8eeb8a5 | 2025-12-01 | |
| FileHash-SHA1 | c92014ecd308ccd9b61aa22824e0c252f9f7238a | SHA1 of e9d5b1831ec251f9ed3b236c8e6cae7b1a702475270aa88a89bf75f8331b5754 | 2025-12-01 | |
| FileHash-SHA1 | f3497c35d06d28d1239af328e384551ea298c17f | SHA1 of cf06e258e721169d18401a20085bd449c39dacea2b2da351703394f83a604d5e | 2025-12-01 | |
| FileHash-SHA1 | f59818e67f2c5ccc5bd0e9ee0bf1af3c0201bcb2 | SHA1 of f88aa064da17427cee044401a23918bb616950b2a1c9efb2bea5be89265aa0c6 | 2025-12-01 | |
| FileHash-SHA1 | f754ef46736ee0bb14ff0ad913ff23d705c6985d | SHA1 of eb3c93a6f4ff83533c2c255ae54a27cc810cc8e0e7462f4c304f53c47a90bbba | 2025-12-01 | |
| FileHash-SHA1 | 026b0548d948a3830294851320c613217b08a02e | SHA1 of e55ee7ca95beca998c6bc5f728ec0c2d1fa8af88a3bc54c2a61c7ad3df1a1eaa | 2025-12-01 | |
| FileHash-SHA1 | 1f0d4fb10c2ea84571fe0c573f00d22686e6487a | SHA1 of 664479fec42ed9949bbe153e67bd8618fb4be3dba9d1cf8688eb6faa6e2fad34 | 2025-12-01 | |
| FileHash-SHA1 | 45929662d5178e3d11f86db2f872483f0df857b8 | SHA1 of e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc | 2025-12-01 | |
| FileHash-SHA1 | 701cbdf4b00e00a86bc69dbfbca015808528d9ce | SHA1 of 20eec1f49d7ab9223b5d47b6f464aed12e418942570966eae401968088463f1a | 2025-12-01 | |
| FileHash-SHA1 | c9517966c3493edb4e07ca2467c7edad0350690e | SHA1 of 426cfa343d2637ae555e921aebea6a66f5370011e06dff0110d6bb73b17f3920 | 2025-12-01 | |
| FileHash-SHA1 | e05afc3e042ca387ca2230976a959c23b9bc3db0 | SHA1 of 3a1845d8f359309f6583dbc015338b1142da2c7217dfeef9cc6a1d557b9b4663 | 2025-12-01 | |
| FileHash-SHA1 | 9e7f6c8431a4e3eb8bfb6096bde55926a40d6c6b | SHA1 of 319bcb9236451105db1e4b0f71160d10066bb569b378a3fbe95b0fc2028f22c1 | 2025-12-01 |