Agoent

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

AGoent is a sophisticated malware, a malicious software designed to exploit and damage computer systems. This Golang-based agent bot has been observed in multiple attacks, exploiting a year-old vulnerability to launch various nefarious activities. It operates by fetching the script file "exec.sh" from an attacker-controlled website, which then retrieves the Executable and Linkable Format (ELF) files of different Linux-based architectures. Capable of executing a wide range of malicious actions, AGoent can carry out DDoS attacks, cryptocurrency mining, and installation of additional malware. Its complex behaviors are aimed at evading detection and establishing persistence in the systems it infects. Recently, researchers at Fortinet have reported an increase in attacks targeting this particular vulnerability. The attacks, observed over the past month, have involved several botnets including Moobot, Miori, AGoent, a Gafgyt variant, and an unnamed variant of the infamous Mirai botnet. These threat actors are exploiting unpatched devices to dispatch their botnets, compromising them for DDoS and other harmful activities. The rise in these attacks underscores the importance of maintaining up-to-date security patches on all devices. Unpatched devices provide an easy avenue for these threat actors to dispatch botnets like AGoent and others. The ongoing threat posed by AGoent and similar botnets highlights the critical need for robust cybersecurity measures, including regular system updates and vigilant monitoring for suspicious activity.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Gafgyt Variant	3	The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,
Mirai Botnet	1	The Mirai botnet is a type of malware, malicious software designed to exploit and harm computer systems. It spreads by exploiting vulnerabilities in different systems, most notably through Ivanti Connect Secure bugs and the JAWS Webserver. Once inside a system, it can steal personal information, dis
Moobot	1	Moobot is a malicious software (malware) that has been causing significant disruption in the digital world. The malware, which can infiltrate systems through various methods such as suspicious downloads, emails, or websites, is known for its capability to steal personal information, disrupt operatio

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Botnet

Bot

Ddos

Fortiguard

Malware

Vulnerability

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Gafgyt	Unspecified	1	Gafgyt, also known as Bashlite, is a form of malware that infects Linux architecture operating systems to launch Distributed Denial of Service (DDoS) attacks. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrup
Mirai	is related to	1	Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g
Miori	Unspecified	1	Miori is a variant of the notorious Mirai malware, which shares similar modules with it. Like other types of malware, Miori is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once it has infected a system, it can steal perso

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
CVE-2023-1389	Unspecified	2	CVE-2023-1389 is a significant software vulnerability, specifically a command injection flaw, found in TP-Link Archer AX21 routers. The flaw was publicly released in March of this year and has since been exploited by malicious actors to gain unauthorized access to devices. Attack traffic through the

Source Document References

Information about the Agoent Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
DARKReading	3 months ago	Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks
Fortinet	3 months ago	Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread \| FortiGuard Labs
BankInfoSecurity	3 months ago	Exploited TP-Link Vulnerability Spawns Botnet Threats