JenX
JenX is a Mirai botnet variant associated with distributed denial-of-service (DDoS) activity. The provided content references JenX as one of multiple DDoS botnets and notes that it has used scanning for port 52869, associated with the Realtek SDK miniigd daemon, as an exploitation approach also seen in Satori. The content also states that exposed OSGeo GeoServer instances vulnerable to CVE-2024-36401 were used to deliver a Mirai variant dubbed JenX. No additional high-confidence details on JenX’s operators, persistence mechanisms, specific targets, or indicators of compromise are provided in the source content beyond its use as botnet malware and its association with GeoServer exploitation and Realtek-related targeting behavior.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Techniques & procedures
1 distinct technique documented for this family, organized by ATT&CK tactic.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A named DDoS botnet referenced as having previously used the same Realtek router targeting approach.
Mirai botnet variant delivered via exploitation of GeoServer (CVE-2024-36401).
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.