If a targeted device is compromised, attackers can gain complete control, enabling them to extract system information, establish communication with a C2 server, and then use these devices to launch further attacks, such as distributed denial-of-service (DDoS). This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface.
Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.
Reference:
https://www.fortinet.com/blog/threat-research/new-goldoon-botnet-targeting-d-link-devices
Sample Indicators of Compromise:
b050a1ff0d205f392195179233493ff5b6f44adc93fe0dba1f78c4fe90ebcc46ffd2d3888b6b1289e380fa040247db6a4fbd2555db3e01fadd2fe41a0fa2debc5631980fab33525f4de1b47be606cd518403f54fa71b81186f02dbf7e9ed0004c81cfe4d3b98d0b28d3c3e7812beda005279bc6c67821b27571240eba440fa49fdf6dae772f7003d0b7cdc55e047434dbd089e0dc7664a3fae8ccfd9d10ece8c
