Hinata Bot – Go Based Bots
Share this:
A new Go-based malware named Hinata is the latest botnet focused on DDoS attacks. This is named after a character from the popular anime series Naruto.
Researchers named the new botnet HinataBot. Threat actors behind this have been active since at least December 2022, but only began developing their own malware in mid-January 2023. As per the researchers still they haven’t been able to observe attacks outside of launching them at themselves so far.
A sample of the malware was discovered in HTTP and SSH honeypots abusing weak credentials and old remote code execution vulnerabilities — one dating back almost a decade. The Akamai researchers said the infection attempts they observed include the exploitation of the mined SOAP service on Realtek SDK devices (CVE-2014-8361), Huawei HG532 routers (CVE-2017-17215), and exposed Hadoop YARN servers (CVE N/A).
Organisations deploy services and forget about managing the infrastructure. Attackers continue to find these resources and then use them to further attacks on other organizations. The exploitation of a vulnerability that was nearly 10-years-old.
A new DDoS botnet simply means more resources used by criminals to attempt to knock services offline. So, using DDoS protection services remains important because it’s only a growing attack particularly in a period of geopolitical and economic turmoil.
Go has become best known for its ability to cross-compile for different architectures and its ease of use, which makes it attractive to threat actors
Regardless of what language malware is written in, threat actors still must land their payload. The selected language may give an attacker some more options, but properly configured and maintained defenses will still reduce an organization’s threat surface
This research was documented by researchers from Akamai
Indicators of Compromise
IP Address
- 77.73.131.247
- 156.236.16.237
- 185.112.83.254
Ports
- 61420
- 4120
CVEs
- CVE-2017-17215
- CVE-2014-8361
File Names
- tftp.sh
- wget.sh
- hinata-linux.amd64
- hinata-windows-arm5
- hinata-plan9-arm5
- hinata-openbsd-arm5
- hinata-netbsd-arm5
- hinata-linux-arm5
- hinata-freebsd-arm5
- hinata-windows-arm7
- hinata-windows-arm64.exe
- hinata-windows-arm6
- hinata-windows-arm
- hinata-windows-amd64.exe
- hinata-windows-386.exe
- hinata-solaris-amd64
- hinata-plan9-arm7
- hinata-plan9-arm6
- hinata-plan9-arm
- hinata-plan9-amd64
- hinata-plan9-386
- hinata-openbsd-mips64
- hinata-openbsd-arm7
- hinata-openbsd-arm64
- hinata-openbsd-arm6
- hinata-openbsd-arm
- hinata-openbsd-amd64
- hinata-openbsd-386
- hinata-netbsd-arm7
- hinata-netbsd-arm64
- hinata-netbsd-arm6
- hinata-netbsd-arm
- hinata-netbsd-amd64
- hinata-netbsd-386
- hinata-linux-s390x
- hinata-linux-riscv64
- hinata-linux-ppc64le
- hinata-linux-ppc64
- hinata-linux-mipsle
- hinata-linux-mips64le
- hinata-linux-mips64
- hinata-linux-mips
- hinata-linux-arm7
- hinata-linux-arm64
- hinata-linux-arm6
- hinata-linux-arm
- hinata-linux-amd64
- hinata-linux-386
- hinata-js-wasm
- hinata-illumos-amd64
- hinata-freebsd-arm7
- hinata-freebsd-arm64
- hinata-freebsd-arm6
- hinata-freebsd-arm
- hinata-freebsd-amd64
- hinata-freebsd-386
- hinata-dragonfly-amd64
- hinata-darwin-arm64
- hinata-darwin-amd64
- hinata-android-arm64
- hinata-aix-ppc64
Hashes
- 01422e34b2114c68cdb6ce685cd2e5673bbe5652259a0c4b862d5de2824a9375
- 1b958fd718f1419700c53fed10807e873e8399c354877b0a3dfceac7a8581456
- 8a84dc2a9a06b1fae0dd16765509f88f6f54559c36d4353fd040d02d4563f703
- 4aba67fdd694219ff0dff07ebd444ed154edacc00c3a61f9b661eabe811a0446
- 71154ad6bd1a8a79fc674c793bb82b8e7d1371eca0f909c6e4a98ef8e7f5d1da
- c6a7e25290677cc7b9331343166b140f2c320764a815b241747e6913b1a386d9
- 92adfbe6aae06d7c99469aeb6551db8eee964b589f2b8774e29d987cfbd0e0d6
- 8eda08ce362c09b5f45772467f94d5370068c1798f78c5316f15647ac898c621
- ff7638c0c893c021c3a059a21a71600249881afd84dc0d751d99db1c8edd3cac
- a3fac6fea9201c3c3eaae47bd95e0be93e91298e48df75540958834f9e75ac4d
- 9875bb9dd6d159a3b327de80e151ef7f3831c0d6833ae781490d68e426b73680
- 6ec35ef48ffdf9a92aa8845c336b327c280e1f20d7130ba0856540aed3233bbc
- C0aa34dd8dbf654d5230d4ef1db61f9befc89a0ea16cb7757edbf8a8090c9146
- 5643bf01e113de246575a9ec39ea12a85f9babb6ac069132ad8d1a7bfa56ed1b
- 845134ee7335f07b23e081f024cad5cbfc9ef453d6e2adc7970d6543292e5bcc
- 995681f388f5e0a405c282ae9ce22dc41f2249f0f5208254e1eec6e302d7ad7d
- 07326cce5325eabbe1caa2b3f8a4ab78e7913b65703c0afc3bab808441c30688
- 61181b4b7b7040ce4ab9c489a2b857f5a7fe8407c422327fff798f3b55e0cbe3
- 75c050580725279a6592eecc2b02b6fa78f5469c2f08fb1d0e2fe616beb8bf0d
- E3427838132b6161f10e77d0beca1beac90c63a8ccc4aabd523041aec25aab67
