| JenX | 2018 | Derived from Satori; offers DDoS-for-a-fee; targets Grand Theft Auto; uses server-based scanning and exploitation instead of peer-to-peer | HIGH | https://threatpost.com/jenx-botnet-has-grand-theft-auto-hook/129759/|
| JenX | 2018 | Derived from Satori; offers DDoS-for-a-fee; targets Grand Theft Auto; uses server-based scanning and exploitation instead of peer-to-peer | HIGH | https://threatpost.com/jenx-botnet-has-grand-theft-auto-hook/129759/|
| ADB.Miner | 2018 | Spreads via ADB Debug interface on port 5555; has infected smartphones; smart tvs, etc; mines cryptocurrencies | HIGH | https://www.zdnet.com/article/adb-miner-worm-is-rapidly-spreading-across-android-devices/ |
| ADB.Miner | 2018 | Spreads via ADB Debug interface on port 5555; has infected smartphones; smart tvs, etc; mines cryptocurrencies | HIGH | https://www.zdnet.com/article/adb-miner-worm-is-rapidly-spreading-across-android-devices/ |
| DarkSky | 2018 | The malware is capable of performing DDoS attacks using several vectors: DNS Amplification, TCP (SYN) Flood, UDP Flood, HTTP Flood. | HIGH | https://blog.radware.com/security/2018/02/darksky-botnet/ |
| DarkSky | 2018 | The malware is capable of performing DDoS attacks using several vectors: DNS Amplification, TCP (SYN) Flood, UDP Flood, HTTP Flood. | HIGH | https://blog.radware.com/security/2018/02/darksky-botnet/ |
| Hide 'N Seek (HNS) | 2018 | HNS targets 10 different CPU architectures such as x86, x64, ARM (LE and BE), SuperH, PPC, and more. Controlled as much as 90,000 IoT devices in April 2018. HNS bruteforces telnet and then restricts access to port 23 to prevent hijacking from bots. Once access is gained, the malware inserts itself into an /etc/init.d/ file for persitance accross reboots (first of its kind). The botnet is not used for DDoS attacks just yet and many have said the botnet is in a growth phase | HIGH | https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/ https://labs.bitdefender.com/2018/05/hide-and-seek-iot-botnet-resurfaces-with-new-tricks-persistence/|
| Reaper / IoTroop | 2017 | Based on Mirai code, but attempts to exploit software vulnerabilities instead of password guessing; has infected routers, surveillance cameras, etc | HIGH | https://www.wired.com/story/reaper-iot-botnet-infected-million-networks/ |
| Reaper / IoTroop | 2017 | Based on Mirai code, but attempts to exploit software vulnerabilities instead of password guessing; has infected routers, surveillance cameras, etc | HIGH | https://www.wired.com/story/reaper-iot-botnet-infected-million-networks/ |
| Brickerbot | 2017 | Destroys insecure IoT devices to keep them from taking part in DDoS botnets | HIGH | https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01A |
| Brickerbot | 2017 | Destroys insecure IoT devices to keep them from taking part in DDoS botnets | HIGH | https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01A |
| Satori | 2017 | Based on Miria; Initially targeted Huawei routers | HIGH | https://www.darkreading.com/vulnerabilities---threats/satori-botnet-malware-now-can-infect-even-more-iot-devices/d/d-id/1330875 |
| Satori | 2017 | Based on Miria; Initially targeted Huawei routers | HIGH | https://www.darkreading.com/vulnerabilities---threats/satori-botnet-malware-now-can-infect-even-more-iot-devices/d/d-id/1330875 |
