DirtyMoe is a malware botnet with a threat profile designed to be undetectable, and it has been in the spotlight since 2016.
In the modified version, the botnet uses a threat profile that is difficult to trace. This version adds anti-forensic, anti-debugging, and anti-tracking features that keep it unidentified.
Here is how the new version operates and what makes it one of a kind.
- The preferred entry point is exploitation of EternalBlue (a vulnerability in Windows) via the PurpleFox exploit kit.
- The attackers then begin the attack by obtaining administrative privileges on the targeted Windows machine.
- Once admin access has been obtained, DirtyMoe can be deployed on the machine.
Malicious activity on the machine is hidden using VMProtect and the malware's own encryption techniques. The botnet is then camouflaged with several rootkit techniques and a multi-level network communication architecture that disguises the deployed malware.
DirtyMoe is mostly used for cryptojacking and DDoS attacks.
DirtyMoe and other botnets can only be countered through proper vulnerability management solutions.