Security Intelligence -
DirtyMoe Botnet Returns With Undetectable Threat Profile
The malware botnet known as DirtyMoe has been around since at least 2016, but its newest version makes some major changes that put it back in the spotlight. Take a look at how the new version works, what is different about it and how to defend against it.
Back in 2016, NuggetPhantom appeared as its first iteration. NuggetPhantom and several of the threat’s other early samples didn’t work well, however. They tended to be unstable and they yielded symptoms expected of a compromise.
Fast forward five years, and DirtyMoe is a different malware. Avast analyzed its most recent variants and found that they match other threats in terms of their anti-forensic, anti-debugging and anti-tracking capabilities. On top of this, the DirtyMoe botnet balances a modular structure with a threat profile that can’t be detected or tracked.
How the DirtyMoe Botnet Works
DirtyMoe’s attack chain begins with the attackers attempting to gain admin privileges on a target’s windows machine.
One of their preferred techniques is relying on the PurpleFox exploit kit to misuse EternalBlue, an opening in Windows. In spring 2019, researchers discovered