Hailbot

Malware updated 4 months ago (2024-05-04T18:01:36.282Z)
HailBot is a malicious software variant that emerged in September 2023, based on the Mirai source code. It was identified and analyzed by cybersecurity firm NSFOCUS and content delivery network Akamai. It is known to propagate through exploitation of vulnerabilities and weak passwords. Its name is derived from the string 'hail china mainland', which it outputs after running.

HailBot modifies the go-live data packet of the original Mirai, which makes its traffic a distinguishing identifier, along with the console string "hail china mainland" printed upon successful compromise of a system. Researchers also discovered additional malware samples linked to the HailBot Mirai variant. These samples included file names with the string "skid", contrasting with the "jkxl" filename primarily contained in the JenX malware variant.

The HailBot controller's command and control (C&C) infrastructure, with IP addresses 5.181.80.120 and 5.181.80.115, had previously disseminated multiple bait documents carrying the CVE-2017-11882 vulnerability, indicating a history of active cyber threats.

HailBot has exhibited significant activity in its historical operations. Its attack commands and server responses have been documented, providing insight into its operational mechanics. For instance, one notable activity is scanning port 23, a common tactic used by botnets to identify vulnerable devices. With this information, cybersecurity firms are better equipped to develop countermeasures against this threat and similar malware variants.
Description last updated: 2024-05-04T17:11:03.630Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
Mirai | is related to | 2 | Mirai is a type of malware that specifically targets Internet of Things (IoT) devices such as smart speakers, cameras, and connected home equipment. It exploits weak Telnet (port 23) and SSH (port 22) credentials to gain control over these devices. Once infected, these devices are then incorporated
Source Document References
Information about the Hailbot Malware was read from the documents corpus below.
Source | Created | Title
CERT-EU | 9 months ago | New Botnet Named 'InfectedSlurs' Found Using 2 Zero-Days to Attack NVRs and Routers - Bangkok, Thailand | i-secure Co, Ltd.
CERT-EU | 9 months ago | Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
CERT-EU | 9 months ago | Mirai-based botnet targets routers and video recorders via zero-day flaws
CERT-EU | a year ago | Mirai Botnet’s New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught