The zip attachment contains an xls file. Opening it starts a PowerShell script, which contacts various URLs and downloads the DLL, activating the malware infection chain.
Fortinet cybersecurity experts: Threat actors leverage the critical vulnerability CVE-2021-36260 to install and run the malware, a Mirai botnet variant.
Cryptolaemus cybersecurity experts: It is spread via spam emails with a zip, an xls or a doc attachment, which downloads a dll starting the malware infection.
Qrator cybersecurity experts: It has been used for a huge DDoS attack on Yandex (21.8 rps). The bots are devices connected through an Ethernet connection – network.
Cloudflare cybersecurity experts: The attack was launched by more than 20,000 Mirai bots in 125 countries. Many of them originated from Indonesia, India and Brazil.