[MART] - Daily Diary #389 - BotenaGo Botnet Exploiting Millions Devices

CTAS-MAT ctas-mat at appgate.com
Fri Nov 12 15:57:52 UTC 2021


Hello,

I hope everyone is doing well!

Below is the entry for today.

11/12/2021 - Diary entry #389:

BotenaGo is a new botnet written in the Go language that might be under development or part of a malware suite. BotenaGo relies on 33 vulnerabilities, disclosed between 2013 and 2020, to target millions of routers and IoT devices.

Once installed, BotenaGo listens on ports 31412 and 19412. Next, it executes remote shell commands on compromised devices to deploy the next-stage malware, using different links associated with different payloads depending on the infected system. Some of the links used in the attacks have connections with Mirai, another botnet mentioned in some of our Daily Diaries, whose source code was shared on hacking forums.

The next-stage malware is still unknown, as the payloads had been removed by the attackers from the hosting servers. Botnets like BotenaGo are very dangerous since they target millions of vulnerable systems and can be commercialized as Malware-as-a-Service to other threat actors, such as ransomware groups or cyber-espionage campaigns.

Kind Regards,


Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
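
A host-side check for the two listening ports named in the entry, as an added example that is not part of the original message: it parses the Linux `/proc/net/tcp` table and reports LISTEN sockets on 31412 or 19412. The function names and the sample table are constructed for illustration, and a hit is a lead to investigate, not proof of infection, since other software may use these ports.

```python
"""Flag TCP listeners on the ports the diary entry attributes to BotenaGo."""
import socket
from pathlib import Path

BOTENAGO_PORTS = {31412, 19412}  # ports named in the diary entry
TCP_LISTEN = "0A"                # Linux kernel state code for LISTEN

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 00000000:7AB4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4410 1
   2: 0100007F:4BD4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4411 1
   3: 0A00000A:7AB4 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 4412 1
"""

def decode_ipv4(addr_hex):
    """Decode an IPv4 address as printed on a little-endian host (assumption)."""
    if len(addr_hex) != 8:       # IPv6 entry from tcp6: leave as raw hex
        return addr_hex
    return socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])

def find_suspect_listeners(table_text, ports=BOTENAGO_PORTS):
    """Return LISTEN sockets whose local port is in `ports`."""
    hits = []
    for line in table_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                               # malformed or not listening
        addr_hex, port_hex = fields[1].rsplit(":", 1)
        port = int(port_hex, 16)
        if port in ports:
            # The inode can be matched against /proc/<pid>/fd to find the owner.
            hits.append({"addr": decode_ipv4(addr_hex), "port": port,
                         "inode": int(fields[9])})
    return hits

def scan_host():
    """Run the check against the live socket tables of the local Linux host."""
    hits = []
    for name in ("/proc/net/tcp", "/proc/net/tcp6"):
        path = Path(name)
        if path.is_file():
            hits += find_suspect_listeners(path.read_text())
    return hits

if __name__ == "__main__":
    for hit in find_suspect_listeners(SAMPLE_PROC_NET_TCP):
        print(hit)
```
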
