Agoent

Malware updated 7 months ago (2024-05-05T10:17:46.519Z)
Download STIX
Preview STIX
AGoent is a sophisticated malware, a malicious software designed to exploit and damage computer systems. This Golang-based agent bot has been observed in multiple attacks, exploiting a year-old vulnerability to launch various nefarious activities. It operates by fetching the script file "exec.sh" from an attacker-controlled website, which then retrieves the Executable and Linkable Format (ELF) files of different Linux-based architectures. Capable of executing a wide range of malicious actions, AGoent can carry out DDoS attacks, cryptocurrency mining, and installation of additional malware. Its complex behaviors are aimed at evading detection and establishing persistence in the systems it infects. Recently, researchers at Fortinet have reported an increase in attacks targeting this particular vulnerability. The attacks, observed over the past month, have involved several botnets including Moobot, Miori, AGoent, a Gafgyt variant, and an unnamed variant of the infamous Mirai botnet. These threat actors are exploiting unpatched devices to dispatch their botnets, compromising them for DDoS and other harmful activities. The rise in these attacks underscores the importance of maintaining up-to-date security patches on all devices. Unpatched devices provide an easy avenue for these threat actors to dispatch botnets like AGoent and others. The ongoing threat posed by AGoent and similar botnets highlights the critical need for robust cybersecurity measures, including regular system updates and vigilant monitoring for suspicious activity.
Description last updated: 2024-05-05T10:15:03.036Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Gafgyt Variant is a possible alias for Agoent. The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Bot
Ddos
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-1389 Vulnerability is associated with Agoent. CVE-2023-1389 is a command injection vulnerability discovered in TP-Link Archer AX21 routers. This flaw in software design or implementation was publicly released in March of the year 2023 and has since been exploited by various malicious actors. Attack traffic through the vulnerable routers has beeUnspecified
2
Source Document References
Information about the Agoent Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more