Re: SuperBox IPTV STBs

[Michael Veit via NANOG <nanog () lists nanog org>]

FYI: https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/

- Michael Veit


Sent from Proton Mail for iOS.

-------- Original Message --------
On Tuesday, 01/06/26 at 15:26 Corey Smith via NANOG <nanog () lists nanog org> wrote:
I am curious if other Operators are seeing issues on their networks due to
users with Android STBs called SuperBox?
It appears there are some recent findings about a malware called KIMWOLF.

We are seeing several customers report issues due to their IP being added
to a block list.
Our Trouble department may swap out the customer's router, thinking it
could be bad. The new router gets a new IP, and It temperarlly fixes the
issue.

I am curious if other users have found a good way to identify this traffic?
I am also curious if you have implemented any Block lists that could be
shared with the Group that could help stop the traffic?

Thanks for any ideas you can share.
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/K44SCILZZOAWFOKZ5U7HHXTKDCGGF6BS/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VWRWNVTDMREQCVZIXYYYHAEUXBSXBF4Y/