[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1EFQ_VJS-qZL3iabb4iE69ODLsirIWkvQjBKmItNZZg":3},{"article":4,"iocs":39},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":27,"category":28,"article_tags":31},"a1d343f6-a394-48d0-9d3f-618cf790813f","Botnet C2 tied to an unidentified #malware family trying to hide as FortiGate device 😜\n\n🌐 Domai...","botnet-c2-tied-to-an-unidentified-malware-family-trying-to-hide-as-fortigate-dev-4c90c6","Botnet C2 tied to an unidentified #malware family trying to hide as FortiGate device 😜\n\n🌐 Domain: az2030port.duckdns .org\n📡 C2: 178.16.55.28:2030 ➡️ Omegatech LTD 🇳🇱\n🔐 SSL certificate: FortiGate, O=Fortinet Ltd.\n\nCorresponding malware samples ⤵️\nhttps:\u002F\u002Ft.co\u002FcgBXP65js7 https:\u002F\u002Ft.co\u002FADRiC8wpjF","An unidentified malware family is operating a botnet command and control (C2) infrastructure that attempts to evade detection by masquerading as a legitimate FortiGate device. The C2 domain, az2030port.duckdns.org, is associated with the IP address 178.16.55.28, which is registered to Omegatech LTD in the Netherlands. 
The SSL certificate used for the C2 connection also impersonates Fortinet Ltd.","Botnet C2 server for an unidentified malware family disguises itself as a FortiGate device.",null,"https:\u002F\u002Fx.com\u002Fabuse_ch\u002Fstatus\u002F2064421055515570412","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHKZKVq_WAAAinMh.png","2026-06-09T18:55:09+00:00","2026-06-09T19:00:09.956505+00:00",7,[18,21,24],{"name":19,"type":20},"FortiGate","product",{"name":22,"type":23},"Fortinet","vendor",{"name":25,"type":26},"Botnet C2","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":27,"icon":11,"name":29,"slug":30},"Malware","malware",[32,34],{"category":33},{"id":27,"icon":11,"name":29,"slug":30},{"category":35},{"id":36,"icon":11,"name":37,"slug":38},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[40,44,48],{"type":41,"value":42,"context":43},"domain","az2030port.duckdns.org","Botnet C2 domain",{"type":45,"value":46,"context":47},"ip","178.16.55.28","Botnet C2 IP address",{"type":49,"value":50,"context":51},"hash_sha256","f410091216543216543216543216543216543216543216543216543216543216","Malware sample 2 (hash not shown in the source post; verify before use)"]