Some notes on the MikroTik RouterOs 0-day exploit:
mikrotik0417.zip / vigor20180417.zip are the two payload files targeting Mikrotek routers.
They have been seen from the following domains:
Domains:
- 162.212.182[.]64
- march10dom3[.]com
- march10dom5[.]com
- march10dom6[.]com
- march10dom7[.]com
- march10dom8[.]com
- marchdom4[.]com
- utyrhgfhtujyhrgef[.]com
- shabihello[.]com
SHA256 of Payloads:
- 11bb98f34193d058b349b4e1f927dc4f
- f0ef1c888ed5f2f3f1c0c8e6f992749c
- 115a2cd858eb76edc6f4f7897e9f569b
- 18f64bdad09f4252121124499c4a713a
Possible WhoIs Record related to these domains:
[email protected]