Satori
Satori is a Mirai variant and botnet. It reportedly infected more than 260,000 routers by exploiting a vulnerability in D-Link DSL-2750B devices. Netlab 360 has also linked it to exploitation activity targeting Xiongmai-based IoT video surveillance devices, specifically reported exploitation of CVE-2018-10088. Satori sits among the Mirai-derived threats that target insecure IoT devices and are associated with botnet activity and DDoS operations. No nation-state attribution is provided in the source reporting. Known alias: satori.
Tradecraft
7 distinct techniques observed across reporting, grouped by tactic.
Recent activity
3 sources tracked across advisories, community write-ups, and news.
Mirai-associated botnet activity cluster noted for mass router infections via exploitation of D-Link DSL-2750B devices.
Botnet reported by a third party (Netlab 360) as being linked to exploitation activity against Xiongmai devices, in the context of CVE-2018-10088 exploitation claims.
Botnet reported by a third party (Netlab 360) as being linked to exploitation activity against Xiongmai devices, in the context of CVE-2018-10088 exploitation claims.