December 11, 2023

EnemyBot malware botnet expanding its target list with recently-discovered vulnerabilities in F5 hardware and VMware software.

Initially discovered in March 2022, EnemyBot’s original target was the wide range of Linux variants used in IoT devices. But the recent analysis released by AT&T Alien Labs showed EnemyBot is launching attacks against a number of most recent vulnerabilities in content management systems, web servers, F5 hardware, and VMware software.

Advertisements

There’s quite a list of targets in the AT&T analysis, with the high-profile Log4j remote code execution (RCE) vulnerabilities from last year (CVE-2021-44228 and CVE-2021-45046), a VMware Workspace ONE vulnerability (CVE-2022-22954) discovered in April, and a REST vulnerability in F5’s BIG-IP application delivery server (CVE-2022-1388) published in May.

Nine of the vulnerabilities, including several in WordPress plugins and one in Adobe ColdFusion 11 discovered in February, have no CVE assigned.

If EnemyBot successfully infects a target, it will try to find other vulnerable hosts to infect.

Advertisements

Its C&C servers can also invoke a range of commands on EnemyBot, including various DDoS tools, shell commands, reverse shell creation, and a TLS attack. It will also try to infect Android devices connected through the USB port.

Indicators of Compromise

  • 7c0fe3841af72d55b55bc248167665da5a9036c972acb9a9ac0a7a21db016cc6
  • 2abf6060c8a61d7379adfb8218b56003765c1a1e701b346556ca5d53068892a5
  • 7785efeeb495ab10414e1f7e4850d248eddce6be91738d515e8b90d344ed820d
  • 8e711f38a80a396bd4dacef1dc9ff6c8e32b9b6d37075cea2bbef6973deb9e68
  • 31a9c513a5292912720a4bcc6bd4918fc7afcd4a0b60ef9822f5c7bd861c19b8
  • 139e1b14d3062881849eb2dcfe10b96ee3acdbd1387de82e73da7d3d921ed806
  • 4bd6e530db1c7ed7610398efa249f9c236d7863b40606d779519ac4ccb89767f
  • 7a2a5da50e87bb413375ecf12b0be71aea4e21120c0c2447d678ef73c88b3ba0
  • ab203b50226f252c6b3ce2dd57b16c3a22033cd62a42076d09c9b104f67a3bc9
  • 70674c30ed3cf8fc1f8a2b9ecc2e15022f55ab9634d70ea3ba5e2e96cc1e00a0
  • f4f9252eac23bbadcbd3cf1d1cada375cb839020ccb0a4e1c49c86a07ce40e1e
  • 6a7242683122a3d4507bb0f0b6e7abf8acef4b5ab8ecf11c4b0ebdbded83e7aa
  • b63e841ded736bca23097e91f1f04d44a3f3fdd98878e9ef2a015a09950775c8
  • 4869c3d443bae76b20758f297eb3110e316396e17d95511483b99df5e7689fa0
  • cdf2c0c68b5f8f20af448142fd89f5980c9570033fe2e9793a15fdfdadac1281
Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d