New Threat: A Deep Dive Into the Zergeca Botnet
Essential information
- Published: 05/07/2024 15:33
- Modified: 05/07/2024 16:21
- Tags: 2024-07-05, CVE-2016-20016, CVE-2017-17215, CVE-2018-10561, CVE-2018-10562, CVE-2022-35733, botnet, ddos, go, persistence, zergeca
- Related entities: 13 observables, 10 techniques (MITRE), 1 malware, 3 others
Description
An analysis of a newly discovered botnet named Zergeca, implemented in Go, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report examines the botnet's distinctive features, including its multiple DNS resolution methods, its encrypted communication protocol, and its connection to an IP address previously associated with Mirai botnets. The analysis covers sample detection, infrastructure details, and reverse engineering findings, and offers insights into the author's techniques and level of expertise.