Agoent

Malware Profile Updated 25 days ago
AGoent is malware: a Golang-based agent bot that has been observed in multiple attacks exploiting a year-old vulnerability. It operates by fetching the script file "exec.sh" from an attacker-controlled website; the script then retrieves Executable and Linkable Format (ELF) files for different Linux-based architectures. AGoent can carry out DDoS attacks, cryptocurrency mining, and installation of additional malware, and its behaviors are aimed at evading detection and establishing persistence on the systems it infects.

Researchers at Fortinet have recently reported an increase in attacks targeting this vulnerability. The attacks, observed over the past month, have involved several botnets, including Moobot, Miori, AGoent, a Gafgyt variant, and an unnamed variant of the Mirai botnet. These threat actors exploit unpatched devices to deploy their botnets, compromising them for DDoS and other harmful activities.

The rise in these attacks underscores the importance of keeping security patches up to date on all devices, since unpatched devices give threat actors an easy avenue for deploying botnets such as AGoent. The ongoing threat posed by AGoent and similar botnets calls for regular system updates and vigilant monitoring for suspicious activity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Gafgyt Variant | 3 | The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Bot
Ddos
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2023-1389 | Unspecified | 2 | CVE-2023-1389 is a significant software vulnerability identified in March of this year, involving a flaw in the design or implementation of certain routers. This vulnerability specifically affects TP-Link Archer AX21 (AX1800) routers and allows for command injection, enabling unauthorized users to g |
Source Document References
Information about the Agoent Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Fortinet | a month ago | Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread \| FortiGuard Labs |
| BankInfoSecurity | a month ago | Exploited TP-Link Vulnerability Spawns Botnet Threats |
| DARKReading | a month ago | Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks |