Rewterz Threat Alert – Gafgyt aka Bashlite Malware – Active IOCs

Severity

High

Analysis Summary

Gafgyt is a type of malware that is used to conduct Distributed Denial of Service (DDoS) attacks. These attacks involve overwhelming a targeted website or server with a large amount of traffic to disrupt its normal functioning. Gafgyt malware is typically spread through phishing emails or by exploiting vulnerabilities in poorly secured Internet of Things (IoT) devices, such as routers and cameras. Once a device is infected, it can be controlled remotely by the attackers and used as part of a botnet to launch DDoS attacks. These botnets can be used to target websites or servers, and they have been used to disrupt a wide range of online services in the past. The TTPs (Tactics, Techniques, and Procedures) used by Gafgyt malware include:

  • Exploiting vulnerabilities: Gafgyt malware is often spread by exploiting known vulnerabilities in IoT devices, such as routers and cameras.
  • Phishing emails: Gafgyt malware can also be spread through phishing emails that contain malicious links or attachments.
  • Botnet: Once a device is infected, it becomes part of a botnet controlled by the attackers, which is used to launch DDoS attacks.
  • DDoS attacks: This malware is primarily used to conduct DDoS attacks, which involve overwhelming a targeted website or server with a large amount of traffic to disrupt its normal functioning.
  • Evasion: The malware is also known to use evasion techniques that allow it to avoid detection by security software.
  • Reconnaissance: Gafgyt malware can also scan the network to identify other vulnerable devices that can be infected and added to the botnet.

The malware is known to be modular, which allows attackers to add new capabilities to the malware as needed. This makes it a versatile threat that can be used for a wide range of attacks. Organizations should be aware of the threat posed by Gafgyt malware and take appropriate measures to protect their networks from DDoS attacks, such as implementing DDoS mitigation solutions.

Impact

  • Server Outage
  • Data Loss
  • Website Downtime

Indicators of Compromise


Remediation

  • Upgrade your operating system.
  • Don’t open files and links from unknown sources.
  • Install and run anti-virus scans.
  • Block all threat indicators at your respective controls.
  • Search for Indicators of Compromise (IOCs) in your environment utilizing your respective security controls.