{
  "name": "New Threat: A Deep Dive Into the Zergeca Botnet",
  "slug": "new-threat-a-deep-dive-into-the-zergeca-botnet",
  "description": "An analysis of a newly discovered botnet named Zergeca, implemented in the Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report examines the botnet's distinctive features, including its multiple DNS resolution methods, its encrypted communication protocol, and its connection to a previously used IP address associated with Mirai botnets. The analysis covers sample detection, infrastructure details, and reverse-engineering findings, and offers insights into the author's techniques and expertise.",
  "published": "2024-07-05T13:33:40+00:00",
  "created_at": "2024-07-05T13:33:40+00:00",
  "modified_at": "2024-07-05T14:21:54+00:00",
  "created_at_opencti": "2024-07-05T13:33:40+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-05",
    "CVE-2016-20016",
    "CVE-2017-17215",
    "CVE-2018-10561",
    "CVE-2018-10562",
    "CVE-2022-35733",
    "botnet",
    "ddos",
    "go",
    "persistence",
    "zergeca"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "31.6.16.33"
      },
      {
        "id": "",
        "name": "145.239.108.150"
      },
      {
        "id": "",
        "name": "84.54.51.82"
      },
      {
        "id": "",
        "name": "bot.hamsterrace.space"
      },
      {
        "id": "",
        "name": "network.target"
      },
      {
        "id": "",
        "name": "multi-user.target"
      },
      {
        "id": "",
        "name": "cea6e4aa15d7c6a2b2c794a660afaf96d43462e0b74436600a2c8a2288ad0c27"
      },
      {
        "id": "",
        "name": "b55b1947a11de7ee2cb3aaede12ce15c85abf2b607d1ebd8f5ed56e3a6ef7c43"
      },
      {
        "id": "",
        "name": "7e62e3e8911c0cb19df3477df0603fddeff82223e1cc6da7fb1698f512ff2cd2"
      },
      {
        "id": "",
        "name": "6b81d548c0fbd7a2275bb0d29deca0de96c1584ce7aadaf4f5dac3cb28ee9c29"
      },
      {
        "id": "",
        "name": "7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11"
      },
      {
        "id": "",
        "name": "2e9df8987212300815928e0426e9358b1380a1eaba38270d03dd69e421686b5b"
      },
      {
        "id": "",
        "name": "0dbbe5616de71c5753768de555203fb9eb2f1e72a8cb5bdce0559bc5cdfa3b2e"
      }
    ],
    "malware": [
      {
        "id": "5043c05a-39a3-47d8-a273-3d07dfdc1784",
        "name": "Zergeca",
        "slug": "zergeca"
      }
    ],
    "attack_patterns": [
      {
        "id": "30fcebc4-6a32-43bc-b86f-09ec8d055dbc",
        "name": "T1609"
      },
      {
        "id": "1d0d9e67-eb8a-439c-a2c7-cab311bb25c4",
        "name": "T1195.002"
      },
      {
        "id": "195d9773-4de3-4f61-b94d-a2b53cb65608",
        "name": "T1021.001"
      },
      {
        "id": "320df345-a473-4f17-9588-6cd021c14bd3",
        "name": "T1583.003"
      },
      {
        "id": "2e0c6db7-16a7-4bf6-992e-263474014fce",
        "name": "T1059.004"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "46ecf5ab-5539-4a8a-aa5b-c180d0ae5a67",
        "name": "T1059.002"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "306ee8dc-1d64-4916-96be-18060d690ad7",
        "name": "T1499"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Canada"
      },
      {
        "id": "",
        "name": "Germany"
      },
      {
        "id": "",
        "name": "United States of America"
      }
    ]
  },
  "external_refs": [
    "https://blog.xlab.qianxin.com/a-deep-dive-into-the-zergeca-botnet",
    "https://otx.alienvault.com/pulse/66881254e482093db1d6f9ba"
  ]
}