MikroTik RouterOS 0-Day: mikrotik0417.zip / vigor20180417.zip

Some notes on the MikroTik RouterOs 0-day exploit: mikrotik0417.zip / vigor20180417.zip are the two payload files targeting Mikrotek routers. They have been seen from the following domains: Domains: 162.212.182[.]64 march10dom3[.]com march10dom5[.]com march10dom6[.]com march10dom7[.]com march10dom8[.]com marchdom4[.]com utyrhgfhtujyhrgef[.]com shabihello[.]com SHA256 of Payloads: 11bb98f34193d058b349b4e1f927dc4f f0ef1c888ed5f2f3f1c0c8e6f992749c 115a2cd858eb76edc6f4f7897e9f569b 18f64bdad09f4252121124499c4a713a Possible WhoIs Record related to these domains: [email protected]