Cayosin

Malware updated a year ago (2024-11-29T14:00:53.281Z)
Download STIX
Preview STIX
Cayosin is a type of malware, a harmful software designed to exploit and damage computer systems or devices. It has been deployed by the Diicot cybercrime group in a new campaign, according to research from Cado Labs. Traditionally associated with cryptojacking campaigns, Diicot has shifted tactics, deploying an off-the-shelf Mirai-based botnet agent named Cayosin. The primary targets of this campaign are internet-exposed SSH servers with password authentication enabled. If a compromised system runs OpenWRT, a Linux-based open-source operating system for networking devices, the attackers deploy a script that determines the device CPU architecture and deploys a Cayosin binary compiled for that architecture. The Cayosin botnet has been specifically employed to target routers running the Linux-based embedded devices operating system OpenWrt. Researchers have found evidence that Diicot threat actors are expanding their capabilities with new payloads and the Cayosin Botnet. In instances where the malware encounters an OpenWrt router, a Mirai-style spreader script called “bins.sh” is launched to retrieve the Cayosin botnet agent’s binaries. This indicates a shift in the group's attack style, showing adaptability based on their targets. Earlier this year, researchers from Akamai noted a change in the group's name and a diversification of its attack toolkit. This included the addition of an SSH worm written in Golang and the deployment of a Mirai variant called Cayosin. The development and distribution of these malware families, such as Cayosin and Qbot, demonstrate the increasingly sophisticated strategies of cybercriminals, who often sell and redistribute these tools as a service. As a result, it is crucial to remain vigilant and maintain robust cybersecurity measures to counter these threats.
Description last updated: 2024-05-05T04:56:09.892Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Linux
Bot
Cybercrime
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Mirai Malware is associated with Cayosin. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quarUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Diicot Threat Actor is associated with Cayosin. The Diicot Threat Group, an emerging threat actor with sophisticated technical knowledge, has been identified as a significant cybersecurity concern. They have recently targeted SSH servers with brute-force malware, using a relatively limited username/password list consisting of default and easily-gUnspecified
2
Source Document References
Information about the Cayosin Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more