Tag
Tenda W308R DNS Hijacking Vulnerability (CVE-2018-25316)
2 rules 1 TTP 1 CVETenda W308R v2 V5.07.48 is vulnerable to cookie session weakness, allowing unauthenticated attackers to modify DNS settings via crafted GET requests to redirect user traffic to malicious sites.
Tenda Router DNS Hijacking via Cookie Session Weakness
2 rules 1 TTP 1 CVETenda W3002R/A302/W309R routers with firmware V5.07.64_en are vulnerable to unauthenticated DNS hijacking, where attackers exploit a cookie session weakness to modify DNS settings via crafted GET requests.
Tenda FH303/A300 DNS Hijacking Vulnerability (CVE-2018-25318)
2 rules 1 TTP 1 CVETenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability (CVE-2018-25318) that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation, potentially redirecting user traffic to malicious sites.
Mac Malware of 2018 Retrospective
3 rules 1 TTP 4 IOCsThis brief analyzes Mac malware discovered in 2018, including OSX.Mami, a DNS hijacker distributed via browser popups, and CrossRAT, a cross-platform Java-based backdoor likely spread through phishing, highlighting infection vectors, persistence mechanisms, and capabilities.
OSX/MaMi DNS Hijacking Malware
2 rules 4 TTPs 6 IOCsOSX/MaMi is a macOS malware that hijacks DNS settings and installs a malicious certificate into the system keychain to intercept network traffic, while also possessing capabilities for taking screenshots, simulating mouse events, persisting as a launch item, downloading and uploading files, and executing commands.