Malware | Jun 9, 2026

Botnet C2 tied to an unidentified #malware family trying to hide as FortiGate device 😜 🌐 Domai...

Botnet C2 uses malware disguised as a FortiGate device.

Summary

An unidentified malware family is operating a botnet command and control (C2) infrastructure that attempts to evade detection by masquerading as a legitimate FortiGate device. The C2 domain, az2030port.duckdns.org, is associated with the IP address 178.16.55.28, which is registered to Omegatech LTD in the Netherlands. The SSL certificate used for the C2 connection also impersonates Fortinet Ltd.

Indicators of Compromise

  • domain — az2030port.duckdns.org
  • ip — 178.16.55.28
  • hash_sha256 — f410091216543216543216543216543216543216543216543216543216543216

Entities

  • FortiGate (product)
  • Fortinet (vendor)
  • Botnet C2 (technology)