Amadey Botnet – Active IOCs
January 29, 2025
ICS: Multiple Rockwell Automation Vulnerabilities
January 29, 2025
Severity
High
Analysis Summary
Gafgyt is a type of malware that is used to conduct Distributed Denial of Service (DDoS) attacks. These attacks involve overwhelming a targeted website or server with a large amount of traffic to disrupt its normal functioning. Gafgyt malware is typically spread through phishing emails or by exploiting vulnerabilities in poorly secured Internet of Things (IoT) devices, such as routers and cameras. Once a device is infected, it can be controlled remotely by the attackers and used as part of a botnet to launch DDoS attacks. These botnets can be used to target websites or servers, and they have been used to disrupt a wide range of online services in the past. The TTPs (Tactics, Techniques, and Procedures) used by Gafgyt malware include:
- Exploiting vulnerabilities: Gafgyt malware is often spread by exploiting known vulnerabilities in IoT devices, such as routers and cameras.
- Phishing emails: Gafgyt malware can also be spread through phishing emails that contain malicious links or attachments.
- Botnet: Once a device is infected, it becomes part of a botnet controlled by the attackers, which is used to launch DDoS attacks.
- DDoS attacks: This malware is primarily used to conduct DDoS attacks, which involve overwhelming a targeted website or server with a large amount of traffic to disrupt its normal functioning.
- Evasion: The malware is also known to use evasion techniques that help it avoid detection by security software.
- Reconnaissance: Gafgyt malware can also scan the network to identify other vulnerable devices, which are then infected and added to the botnet.
The malware is known to be modular, which allows attackers to add new capabilities to the malware as needed. This makes it a versatile threat that can be used for a wide range of attacks. Organizations should be aware of the threat posed by Gafgyt malware and take appropriate measures to protect their networks from DDoS attacks, such as implementing DDoS mitigation solutions.
Impact
- Server Outage
- Data Loss
- Website Downtime
Indicators of Compromise
MD5
74a90e25d193dd7c75c163a026a92a91
0087aff425491fc663832b6086a0af65
4f0ac0d6dee48aa589b7b28a06b6c2eb
2a10f85ccfc311991e104e73311a8195
464bfcb3b46453ec67ba3710acd72b8a
55f5c618362ee503841bad41e8807d7b
SHA-256
45404030b9f6a2c038ef802757f1d50ba8856926b8532ff9c5b7ec5a26db1ebf
ada2b7915e1cc93260b4c8c1f2a0bcce9576a500dc7eeff16e5a6a93500122cb
bddd6bff32abe7920a949a01bdcd107a754fea32b32abf21e7b80d8c74344e04
b622af2d6b1c843142a64addb1a33d401f50a31ee5dd7fa3c7924fe57e68d07f
2bf82579fb359cec6396e8acbfc89203f72f175820ab943c312b45a510fb6154
b8e53677bbe6a7830944eeb4c413f0484604acf76ce9591e78940404ca34b904
SHA-1
72d5bae87f4da8a1638dee480942b7ce939b95d6
e054e4e3b3ecb83546930527202e5639d9b500aa
5fa1fad40bdb8f31dbb4bbb6324a4152dfe5e572
998a6585aa5b40f29da8daecbe8e276baac47a45
f27d549321f84f09cab761077b6e7834c0784e5d
24bbb9881c386daed6726805bb2936c1c47fd7a9
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Upgrade your operating system.
- Don't open files and links from unknown sources.
- Install and run anti-virus scans.
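The second remediation step, searching your environment for the listed indicators, can be carried out with a simple hash sweep. The script below is an added example and is not part of the advisory: it walks a directory, computes MD5, SHA-1 and SHA-256 of every regular file in a single read pass, and reports any file whose digest matches one of the MD5, SHA-1 or SHA-256 values published above. The directory to scan and the chunk size are assumptions; the indicator sets are copied verbatim from the advisory.

```python
#!/usr/bin/env python3
"""Hash-based IOC sweep for the Gafgyt indicators listed in this advisory.

Added example, not code from the advisory. It computes MD5, SHA-1 and
SHA-256 of each regular file under a root directory in one pass and
flags files whose digest matches a published indicator.
"""
import hashlib
import os
import sys
from typing import Dict, List, Tuple

# Indicators copied from the advisory's "Indicators of Compromise" section.
IOC_MD5 = {
    "74a90e25d193dd7c75c163a026a92a91",
    "0087aff425491fc663832b6086a0af65",
    "4f0ac0d6dee48aa589b7b28a06b6c2eb",
    "2a10f85ccfc311991e104e73311a8195",
    "464bfcb3b46453ec67ba3710acd72b8a",
    "55f5c618362ee503841bad41e8807d7b",
}
IOC_SHA256 = {
    "45404030b9f6a2c038ef802757f1d50ba8856926b8532ff9c5b7ec5a26db1ebf",
    "ada2b7915e1cc93260b4c8c1f2a0bcce9576a500dc7eeff16e5a6a93500122cb",
    "bddd6bff32abe7920a949a01bdcd107a754fea32b32abf21e7b80d8c74344e04",
    "b622af2d6b1c843142a64addb1a33d401f50a31ee5dd7fa3c7924fe57e68d07f",
    "2bf82579fb359cec6396e8acbfc89203f72f175820ab943c312b45a510fb6154",
    "b8e53677bbe6a7830944eeb4c413f0484604acf76ce9591e78940404ca34b904",
}
IOC_SHA1 = {
    "72d5bae87f4da8a1638dee480942b7ce939b95d6",
    "e054e4e3b3ecb83546930527202e5639d9b500aa",
    "5fa1fad40bdb8f31dbb4bbb6324a4152dfe5e572",
    "998a6585aa5b40f29da8daecbe8e276baac47a45",
    "f27d549321f84f09cab761077b6e7834c0784e5d",
    "24bbb9881c386daed6726805bb2936c1c47fd7a9",
}
INDICATORS = {"md5": IOC_MD5, "sha1": IOC_SHA1, "sha256": IOC_SHA256}


def file_digests(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single read pass.

    chunk_size (1 MiB here) is an assumption; any size works, it only
    bounds memory use on large files.
    """
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_indicators(digests: Dict[str, str]) -> List[str]:
    """Return the algorithm names under which the given digests hit an IOC."""
    return [
        algo
        for algo, value in digests.items()
        if value.lower() in INDICATORS.get(algo, set())
    ]


def sweep(root: str) -> List[Tuple[str, List[str]]]:
    """Walk root and return (path, matched_algorithms) for every matching file."""
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Skip symlinks and anything that is not a regular file.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                matched = match_indicators(file_digests(path))
            except OSError:
                continue  # unreadable file; keep sweeping the rest
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    # Directory to scan is an assumption; defaults to the current directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, algos in sweep(target):
        print(f"IOC MATCH {hit_path} ({', '.join(algos)})")
```

Run it as `python3 ioc_sweep.py /path/to/scan`; a match on any single algorithm is enough to report a file, and comparing all three digests guards against a feed that publishes only one of them. Hash matching only catches the exact samples listed, so treat a clean sweep as absence of these specific files, not as absence of the threat.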