
Unpacking the BADBOX Botnet

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

The BADBOX botnet, a newly discovered threat, targets Android devices, including high-end models such as Yandex 4K QLED TVs. Over 190,000 infected devices have been observed, with the malware often pre-installed at the factory or inserted further down the supply chain. Searching Censys for a suspicious SSL/TLS certificate common to BADBOX infrastructure revealed five IPs and numerous domains that present the same certificate and the same SSH host key, indicating a single actor operating a templated environment. The analysis also uncovered shared attributes among the infected hosts, including open SSH ports and nginx 1.20.1 running on CentOS. The scale and stealthy nature of BADBOX highlight the critical need for supply chain integrity monitoring and network traffic analysis.

OPENCTI LABELS:

botnet,android,supply chain,iot,firmware,censys,badbox,ssh host key,ssl/tls certificate

