Security analysts say that Moobot was first active in April 2020. They say the botnet sought to compromise many types of fiber routers using a pair of zero-day exploits.
What stands out about the Moobot is a string of hardcode that is seen several times throughout the code. Besides, it generates the process name that is used during its execution, according to AT&T.