Gorillabot

Malware updated 22 days ago (2024-11-29T13:56:48.383Z)
GorillaBot, a new variant of the infamous Mirai malware family, has caused significant disruptions with a sharp surge in Distributed Denial-of-Service (DDoS) attacks over the past month. From September 4 to September 27, the malicious software launched approximately 300,000 attacks impacting around 20,000 organizations globally, nearly 4,000 of which were based in the United States. According to researchers at NSFocus, GorillaBot supports multiple architectures including ARM, MIPS, x86_64, and x86, and is characterized by its unique signature message: "gorilla botnet is on the device ur not a cat go away." The GorillaBot malware utilizes five built-in command-and-control servers (C2s) to issue continuous attack commands throughout each day. Nearly a quarter of these attacks employed TCP ACK Bypass flood methods, designed to overload the target system with junk data. The online package and command parsing module reuse Mirai source code, indicating that while GorillaBot is a new variant, it shares some foundational elements with its predecessor. Despite its Mirai roots, GorillaBot comes equipped with an expanded arsenal of DDoS attack methods, totaling 19 different strategies. This includes various types of DDoS floods via UDP packets and TCP SYN and ACK packets. As a result, GorillaBot presents a considerably more potent threat than previous iterations, posing a significant challenge for cybersecurity professionals and organizations worldwide.
Description last updated: 2024-10-17T12:38:03.555Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Mirai is a possible alias for Gorillabot. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Source Document References
Information about the Gorillabot Malware was read from the documents corpus below.
Preview | Source Link | Created At | Title
DARKReading
2 months ago