Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal [Friday, February 02, 2024]

Description :
The Akamai Security Intelligence Group (SIG) has uncovered details about a new variant of the FritzFrog botnet, which abuses the 2021 Log4Shell vulnerability. Over the years we have seen more than 20,000 FritzFrog attacks, and 1,500+ victims. The malware infects internet-facing servers by brute forcing weak SSH credentials. Newer variants now read several system files on compromised hosts to detect potential targets for this attack that have a high likelihood of being vulnerable. The malware also includes a module to exploit CVE-2021-4034, a privilege escalation in the polkit Linux component. This module enables the malware to run as root on vulnerable servers.

Published: 2024-02-02 12:07:56
Created: 2024-02-02 12:07:56
Modified: 2024-02-02 12:36:32

Indicators

Malwares :
  • Log4Shell
Hashes :
About the author
Julien B.
