Gayfemboy: A Botnet Delivered Through a Four-Faith Industrial Router 0-day Exploit

Jan. 8, 2025, 10:14 a.m.

Description

The Gayfemboy botnet, discovered in February 2024, has evolved from a simple Mirai derivative into a sophisticated large-scale botnet. It exploits a 0-day vulnerability in Four-Faith industrial routers and unknown vulnerabilities in other devices to spread. With over 15,000 daily active nodes across 40 grouping categories, it targets multiple countries and industries. The botnet's capabilities include self-updating, scanning, and various DDoS attack methods. It has shown aggressive behavior, retaliating against attempts to analyze it. The botnet's evolution demonstrates the persistent threat of DDoS attacks and the need for comprehensive defense strategies.

Date

Published: Jan. 8, 2025, 9:45 a.m.

Created: Jan. 8, 2025, 9:45 a.m.

Modified: Jan. 8, 2025, 10:14 a.m.

Indicators

Attack Patterns

Gayfemboy

Mirai

T1587

T1571

T1016

T1070

T1547

T1082

T1595

T1102

T1046

T1036

T1498

T1027

T1190

T1059

CVE-2013-7471

CVE-2024-12856

CVE-2024-8957

CVE-2024-8956

Additional Information

Singapore

Iran, Islamic Republic of

China

Germany

United Kingdom of Great Britain and Northern Ireland

United States of America

Russian Federation