[MART] - Daily Diary #335 - Malware Types - Botnet

CTAS-MAT ctas-mat at appgate.com
Thu Aug 26 21:56:19 UTC 2021


Hello,

I hope everyone is doing well!

Below is the entry for today.

08/26/2021 - Diary entry #335:

Continuing the thread about malware types, today we are going to talk about Botnets. Botnets are very similar to Backdoors, which we covered in Daily #333. A botnet also gives an attacker access to a system, and both malware types are usually distributed by Droppers or Downloaders. The difference is very subtle: botnets are created for mass infection, and a single C&C server can command several infected machines at once. Because the difference is so small, it's not uncommon for a piece of malware to double as a botnet and a backdoor.

As covered in our Daily #303, Trickbot is one of the largest botnets currently active. Each machine infected by Trickbot has a Bot ID and a group tag, which shows the campaign that led to the infection. Recently, the Diavol and Conti ransomware were spotted being deployed by Trickbot in the same attack. A botnet can also be used to carry out Distributed Denial of Service (DDoS) attacks, like the Mirai botnet, which launched this type of attack recently, overloading Cloudflare with 17.2 million requests per second (rps) while targeting an unnamed customer in the financial industry.

These threats are very common in the Ransomware as a Service (RaaS) business. A ransomware group affiliate can use these types of malware to give the group a way to exfiltrate data, execute commands and finally deploy the ransomware to encrypt data and infect as many devices as possible. The possibilities are infinite, so each type of malware has a key responsibility in an attack.

Kind Regards,




Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
