
New Threat: A Deep Dive Into the Zergeca Botnet

July 5, 2024, 4:21 p.m.

Description

An analysis of a newly discovered botnet named Zergeca, written in Go, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collection of sensitive device information. The report examines the botnet's distinctive features, including its multiple DNS resolution methods, its encrypted command-and-control protocol, and its reuse of an IP address previously associated with Mirai botnets. The analysis covers sample detection, infrastructure details and reverse-engineering findings, and offers insights into the author's techniques and level of expertise.

Date

Published: July 5, 2024, 3:33 p.m.

Created: July 5, 2024, 3:33 p.m.

Modified: July 5, 2024, 4:21 p.m.

Indicators

SHA-256 hashes of the samples:

cea6e4aa15d7c6a2b2c794a660afaf96d43462e0b74436600a2c8a2288ad0c27

b55b1947a11de7ee2cb3aaede12ce15c85abf2b607d1ebd8f5ed56e3a6ef7c43

7e62e3e8911c0cb19df3477df0603fddeff82223e1cc6da7fb1698f512ff2cd2

6b81d548c0fbd7a2275bb0d29deca0de96c1584ce7aadaf4f5dac3cb28ee9c29

7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11

2e9df8987212300815928e0426e9358b1380a1eaba38270d03dd69e421686b5b

0dbbe5616de71c5753768de555203fb9eb2f1e72a8cb5bdce0559bc5cdfa3b2e

IPv4 addresses (botnet infrastructure):

31.6.16.33

145.239.108.150

84.54.51.82

Domain:

bot.hamsterrace.space

systemd targets (unit names tied to the persistence mechanism; these are generic targets present on every systemd host and are not indicators of compromise on their own):

network.target

multi-user.target
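As an added example that is not code from the original report, the following Python script ingests the indicator list above exactly as published, sorts each entry by type (the two systemd targets are recognised and deliberately never matched, since they appear on every Linux host), and then hunts for the remaining indicators in two places: SHA-256 hashes of local files, and C2 IP/domain strings in log lines. The log lines embedded in the script are constructed test data, not telemetry from the report; the matching rules (dotted-quad boundaries, subdomain handling) are this example's own choices.

```python
"""Triage the Zergeca indicators listed above against local files and logs.

Added example; not code from the original report. The indicator dump is copied
from the page, the log lines below are constructed test data.
"""
import hashlib
import re
from pathlib import Path
from typing import Iterable

# Copied verbatim from the Indicators list above.
INDICATOR_DUMP = """
cea6e4aa15d7c6a2b2c794a660afaf96d43462e0b74436600a2c8a2288ad0c27
b55b1947a11de7ee2cb3aaede12ce15c85abf2b607d1ebd8f5ed56e3a6ef7c43
7e62e3e8911c0cb19df3477df0603fddeff82223e1cc6da7fb1698f512ff2cd2
6b81d548c0fbd7a2275bb0d29deca0de96c1584ce7aadaf4f5dac3cb28ee9c29
7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
2e9df8987212300815928e0426e9358b1380a1eaba38270d03dd69e421686b5b
0dbbe5616de71c5753768de555203fb9eb2f1e72a8cb5bdce0559bc5cdfa3b2e
31.6.16.33
145.239.108.150
84.54.51.82
bot.hamsterrace.space
network.target
multi-user.target
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# A dotted quad that is not part of a longer dotted number, so that
# 131.6.16.33 or 31.6.16.33.5 never matches the listed 31.6.16.33.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")


def classify_indicator(value: str) -> str:
    """Sort one line of an IOC dump by type; unknown lines are kept but never matched."""
    v = value.strip().lower()
    if SHA256_RE.match(v):
        return "sha256"
    if IPV4_RE.fullmatch(v):
        return "ipv4"
    if v.endswith(".target") or v.endswith(".service"):
        # systemd unit names (the persistence mechanism). network.target and
        # multi-user.target exist on every systemd host, so they are not hunted.
        return "systemd-unit"
    if "." in v:
        return "domain"
    return "unknown"


def load_indicators(dump: str) -> dict[str, set[str]]:
    """Bucket an IOC dump into sets keyed by the type classify_indicator() returns."""
    buckets: dict[str, set[str]] = {}
    for line in dump.splitlines():
        line = line.strip().lower()
        if line:
            buckets.setdefault(classify_indicator(line), set()).add(line)
    return buckets


IOCS = load_indicators(INDICATOR_DUMP)


def scan_log_line(line: str) -> list[tuple[str, str]]:
    """Return (type, value) hits for the listed IPs and domains in one log line."""
    hits: list[tuple[str, str]] = []
    for ip in IPV4_RE.findall(line):
        if ip in IOCS.get("ipv4", set()):
            hits.append(("ipv4", ip))
    lowered = line.lower()
    for dom in IOCS.get("domain", set()):
        # Match the domain itself or any name under it; a name such as
        # abot.hamsterrace.space must not hit.
        if re.search(r"(?:^|[^a-z0-9-])" + re.escape(dom) + r"(?![a-z0-9-])", lowered):
            hits.append(("domain", dom))
    return hits


def scan_lines(lines: Iterable[str]) -> list[tuple[int, str, str]]:
    """Run scan_log_line over a whole log, tagging hits with 1-based line numbers."""
    return [(n, kind, val)
            for n, line in enumerate(lines, 1)
            for kind, val in scan_log_line(line)]


def hash_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_known_samples(paths: Iterable[Path]) -> list[Path]:
    """Return the files whose SHA-256 matches one of the listed sample hashes."""
    return [p for p in paths if p.is_file() and sha256_of(p) in IOCS.get("sha256", set())]


# Constructed log lines (not real telemetry): a DNS query for the listed domain,
# an outbound connection to a listed IP, and two benign entries.
SAMPLE_LOGS = [
    "Jul 05 16:21:03 host dnsmasq[812]: query[A] bot.hamsterrace.space from 10.0.0.7",
    "Jul 05 16:21:04 host kernel: OUT=eth0 SRC=10.0.0.7 DST=84.54.51.82 PROTO=TCP DPT=443",
    "Jul 05 16:21:05 host sshd[901]: Accepted publickey for ops from 10.0.0.9 port 50122",
    "Jul 05 16:21:06 host systemd[1]: Reached target Multi-User System.",
]

if __name__ == "__main__":
    for n, kind, val in scan_lines(SAMPLE_LOGS):
        print(f"line {n}: {kind} {val}")
    for p in find_known_samples(Path("/tmp").glob("*")):
        print(f"known Zergeca sample: {p}")
```

Hash matching only catches the seven published samples; a self-upgrading botnet will ship new binaries, so treat the network indicators and the persistence unit as the longer-lived signals and feed the hash list to an EDR or YARA pipeline that is refreshed from the report's IOC download rather than this static copy.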

Attack Patterns

Zergeca

MITRE ATT&CK techniques tagged on this report:

T1609 (Container Administration Command)

T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain)

T1021.001 (Remote Services: Remote Desktop Protocol)

T1583.003 (Acquire Infrastructure: Virtual Private Server)

T1059.004 (Command and Scripting Interpreter: Unix Shell)

T1071.001 (Application Layer Protocol: Web Protocols)

T1059.002 (Command and Scripting Interpreter: AppleScript)

T1082 (System Information Discovery)

T1499 (Endpoint Denial of Service)

T1190 (Exploit Public-Facing Application)

Additional Information

Canada

Germany

United States of America