Dissecting RapperBot Botnet: From Infection to DDoS & More
Essential information
- Published
- 03/09/2025 05:57
- Modified
- 03/09/2025 07:01
- Tags
- 2025-09-03 botnet ddos dns encryption exploit infrastructure iot nvr rapperbot
- Related entities
- 84 observables, 1 intrusion sets (apt), 11 techniques (mitre), 1 malware
Description
This report details the analysis of RapperBot, a sophisticated botnet targeting IoT devices, particularly Network Video Recorders (NVRs). The malware exploits vulnerabilities in these devices to create a large-scale DDoS infrastructure. The analysis covers the botnet's infection process, command and control mechanisms, and its evolution over time. Key features include the use of NFS for malware distribution, encrypted DNS TXT records for C2 communication, and a wide range of supported device architectures. The report also discusses recent law enforcement actions against the botnet and provides recommendations for protection against such threats.