{"id":1001,"date":"2018-05-21T13:01:56","date_gmt":"2018-05-21T13:01:56","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132125"},"modified":"2018-05-21T13:01:56","modified_gmt":"2018-05-21T13:01:56","slug":"wicked-botnet-uses-passel-of-exploits-to-target-iot","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/","title":{"rendered":"Wicked Botnet Uses Passel of Exploits to Target IoT"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/18170053\/CCTV-botnet.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>Yet another variant of the Mirai botnet has appeared on the scene, but this one has a twist: The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. It also has ties to a web of other botnets, made for DDoS attacks, which can all be traced back to one threat actor.<\/p>\n<p>The original <a href=\"https:\/\/threatpost.com\/a-mirai-botnet-postscript-lessons-learned\/130529\/\">Mirai<\/a> used traditional brute-force attempts to gain access to connected things in order to enslave them, but the Wicked Botnet, named after the underground handle chosen by its author, prefers to go the exploit route to gain access.<\/p>\n<p>Fortinet\u2019s FortiGuard Labs team <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/a-wicked-family-of-bots.html\">analyzed<\/a> the botnet, and found that the exploits it uses are matched to the ports it uses.<\/p>\n<p>\u201cIt scans ports 8080, 8443, 80 and 81 by initiating a raw socket SYN connection; if a connection is established, it will attempt to exploit the device and download its payload,\u201d explained researchers Rommel Joven and Kenny Yang, in the analysis. \u201cIt does this by writing the exploit strings to the socket. The exploit to be used depends on the specific port the bot was able to connect to.\u201d<\/p>\n<p>Specifically, port 8080 brings an exploit for a flaw in <a href=\"https:\/\/threatpost.com\/netgear-fixes-50-vulnerabilities-in-routers-switches-nas-devices\/128230\/\">Netgear<\/a> DGN1000 and DGN2200 v1 routers (also used by the <a href=\"https:\/\/threatpost.com\/hackers-prepping-iotroop-botnet-with-exploits\/128608\/\">Reaper botnet<\/a>); a connection to port 81 makes use of a CCTV-DVR remote code execution flaw; port 8443 connections use a command injection exploit for the Netgear R7000 and R6400 routers (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-6277\">CVE-2016-6277<\/a>); and port 80 corresponds with an invoker shell in compromised web servers. The latter does not directly exploit the device, but instead takes advantage of compromised web servers with malicious web shells already installed.<\/p>\n<p>\u201cSince a lot of IoT malware (e.g. Mirai) have already attacked devices via default passwords\/ brute-forcing, new attacks like Wicked bot are forced to take a different option like the use of exploits to become effective,\u201d explained Joven, in an interview with Threatpost.<\/p>\n<p>They also uncovered that Wicked is a botnet that\u2019s used to download another botnet. Rather than just equipping Wicked itself with the ability to carry out whatever action the criminal behind the bot wants, the author\u00a0wanted to separate the distribution and its payload.<\/p>\n<p>\u201cThis has advantages in development as well to evade detection,\u201d Joven told us. \u201cThe same goes with other malware (e.g. ransomware) which has a document or script to download the ransomware payload.\u201d<\/p>\n<p><strong>A Wicked Web of Botnets<\/strong><\/p>\n<p>The analysts also found that the Wicked bot is connected to other, previous Mirai-based botnets; in fact, in terms of payloads, Wicked is built to download them. This led them to the author behind the Wicked bot.<\/p>\n<p>They essentially followed a trail of breadcrumbs: For one, the Wicked bot\u2019s code contains a the string called \u201cSoraLOADER,\u201d which seems to indicate that it\u2019s a spreader for the Sora botnet, another Mirai variant.<\/p>\n<p>However, the malicious website that houses the bad code contains the name \u201cOwari,\u201d which is the name of yet another Mirai variant.<\/p>\n<p>On top of that, the payload that it delivers is not Owari at all, but rather the Omni bot, which based on its code can be used for DDoS attack similar to Mirai.<\/p>\n<p>\u201cAt the time of analysis, the Owari bot samples could no longer be found in the website directory,\u201d the researchers explained. \u201c[However], we doublechecked the history of the malicious website and confirmed that it had previously delivered the Owari botnet.\u201d<\/p>\n<p>Thus, it would seem that Omni, Owari and Sora are all connected to the Wicked bot.<\/p>\n<p>\u201cFuzzing the website\u2019s \/bins directory, we found other Omni samples in the directory, which were reported to be delivered using the <a href=\"https:\/\/threatpost.com\/millions-of-home-fiber-routers-vulnerable-to-complete-takeover\/131593\/\">GPON vulnerability<\/a> (CVE-2018-10561),\u201d the researchers said. \u201cPayloads are regularly updated, as shown by its timestamp.\u201d<\/p>\n<p>Putting this connection together with an interview last April conducted by NewSky Security, the researchers were able to trace the new bot back to an author using the pseudonym \u201cWicked\u201d in which he confirmed himself as the author of both Sora and Owari.<\/p>\n<p>\u201cApparently, as seen in the \/bins repository, Sora and Owari botnet samples have now both been abandoned and replaced with Omni,\u201d Fortinet\u2019s Joven and Yang said. \u201cThis also leads us to the conclusion that while the Wicked bot was originally meant to deliver the Sora botnet, it was later repurposed to serve the author\u2019s succeeding projects.\u201d<\/p>\n<p>Sean Newman, director of product management at Corero Network Security, said via email that while the rash of <a href=\"https:\/\/threatpost.com\/mirai-variant-targets-financial-sector-with-iot-ddos-attacks\/131056\/\">Mirai variants<\/a> is unsurprising given that the source code leaked two years ago, \u201cthe suggestion that hackers don\u2019t get it right every time, with some variants apparently abandoned before they were actively used, is both interesting and concerning.\u201d<\/p>\n<p>He added, \u201cThe fact that hackers can even experiment with their innovation in the wild on live systems, without being detected, further highlights the scale of the challenge that the poor security posture of IoT devices presents.\u201d<\/p>\n<p>READ MORE <a href=\"https:\/\/threatpost.com\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/132125\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1002,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[642,643,77,28,260,644,645,646,647,19,648],"class_list":["post-1001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-closed-circuit-cameras","tag-exploits","tag-iot","tag-malware","tag-malware-analysis","tag-netgear-routers","tag-omni","tag-owari","tag-sora","tag-vulnerabilities","tag-wicked-botnet"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Wicked Botnet Uses Passel of Exploits to Target IoT 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Wicked Botnet Uses Passel of Exploits to Target IoT 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-21T13:01:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Wicked Botnet Uses Passel of Exploits to Target IoT\",\"datePublished\":\"2018-05-21T13:01:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/\"},\"wordCount\":828,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg\",\"keywords\":[\"closed circuit cameras\",\"exploits\",\"IoT\",\"Malware\",\"Malware analysis\",\"netgear routers\",\"omni\",\"owari\",\"sora\",\"Vulnerabilities\",\"wicked botnet\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/\",\"name\":\"Wicked Botnet Uses Passel of Exploits to Target IoT 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg\",\"datePublished\":\"2018-05-21T13:01:56+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg\",\"width\":680,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wicked-botnet-uses-passel-of-exploits-to-target-iot\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"closed circuit cameras\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/closed-circuit-cameras\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Wicked Botnet Uses Passel of Exploits to Target IoT\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Wicked Botnet Uses Passel of Exploits to Target IoT 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/","og_locale":"en_US","og_type":"article","og_title":"Wicked Botnet Uses Passel of Exploits to Target IoT 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-21T13:01:56+00:00","og_image":[{"width":680,"height":400,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Wicked Botnet Uses Passel of Exploits to Target IoT","datePublished":"2018-05-21T13:01:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/"},"wordCount":828,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg","keywords":["closed circuit cameras","exploits","IoT","Malware","Malware analysis","netgear routers","omni","owari","sora","Vulnerabilities","wicked botnet"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/","url":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/","name":"Wicked Botnet Uses Passel of Exploits to Target IoT 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg","datePublished":"2018-05-21T13:01:56+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/wicked-botnet-uses-passel-of-exploits-to-target-iot.jpg","width":680,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/wicked-botnet-uses-passel-of-exploits-to-target-iot\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"closed circuit cameras","item":"https:\/\/www.threatshub.org\/blog\/tag\/closed-circuit-cameras\/"},{"@type":"ListItem","position":3,"name":"Wicked Botnet Uses Passel of Exploits to Target IoT"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=1001"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1001\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/1002"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=1001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=1001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=1001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}