MikroTik RouterOS 0-Day: mikrotik0417.zip / vigor20180417.zip

Some notes on the MikroTik RouterOs 0-day exploit:

mikrotik0417.zip / vigor20180417.zip are the two payload files targeting Mikrotek routers.

They have been seen from the following domains:


  1. 162.212.182[.]64
  2. march10dom3[.]com
  3. march10dom5[.]com
  4. march10dom6[.]com
  5. march10dom7[.]com
  6. march10dom8[.]com
  7. marchdom4[.]com
  8. utyrhgfhtujyhrgef[.]com
  9. shabihello[.]com

SHA256 of Payloads:

  • 11bb98f34193d058b349b4e1f927dc4f
  • f0ef1c888ed5f2f3f1c0c8e6f992749c
  • 115a2cd858eb76edc6f4f7897e9f569b
  • 18f64bdad09f4252121124499c4a713a

Possible WhoIs Record related to these domains:
[email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *