Over the last several months we have continued to see and report on NETCORE and MicroTik exploits. This activity continually is scanning for vulnerable home router that have built in backdoors.
Many of these attackers are scanning the entire Internet range daily and are actively exploiting routers and devices.
References:
IOCS:
157.230.177.247 157.230.210.130 157.230.210.168 157.230.212.142 167.99.109.241 178.128.15.117 185.244.25.220 209.141.50.166
Additional IOCS 2/14/2019:
134.209.12.27 134.209.12.30 206.189.69.229