[MART] - Daily Diary #441 - BotenaGo Botnet Source Code Leaked On GitHub

CTAS-MAT ctas-mat at appgate.com
Fri Jan 28 19:02:02 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

01/28/2022 - Diary entry #441:

Covered in our Daily Diary #389, BotenaGo is a botnet written in the Go language that relies on 33 vulnerabilities - disclosed between 2013 and 2020 - to target millions of routers and IoT devices. It can be used to deploy additional payloads, acting as malware-as-a-service.

Its source code was recently found on GitHub, although it has been there since October 2021. The source code is simple and very efficient, containing 33 exploits targeting multiple vendors, plus a reverse shell and telnet loaders that both act as a backdoor to receive and execute commands sent by the attackers.

BotenaGo has been used lately to spread Mirai botnet malware, which is another botnet that had its source code leaked in 2016. Besides that, BotenaGo samples have a low AV detection rate, and one of its Command & Control servers was found exploiting the Log4J vulnerability. We believe this source code leak will lead to an increase in new threats, since it is easy to re-use BotenaGo's code now that it has been made public.

Kind Regards,




Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
C: +55 11 97467 9549
