Quad7 Botnet Operators

Also known as: Quad7 Botnet Operators

Introduction

7777, or Quad7, is a botnet used to compromise network devices such as TP-LINK small office/home office (“SOHO”) routers and to use the infected devices to relay password spraying attacks against Microsoft 365 accounts.[Sekoia.io Blog July 23 2024][Sekoia.io Blog September 9 2024] This object reflects the various Techniques observed in use by the threat actors known to operate this botnet.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Small-Net:

Attribution and Evidence

Information pending cataloguing.

References

[1] Sekoia.io Blog July 23 2024

[2] Sekoia.io Blog September 9 2024