Hailbot

Malware updated 22 days ago (2024-11-29T14:15:13.674Z)
HailBot is a Mirai-based malware variant that emerged in September 2023. It was identified and analyzed by cybersecurity firm NSFOCUS and content delivery network Akamai. It propagates by exploiting vulnerabilities and weak passwords. Its name derives from the string "hail china mainland", which it prints to the console after running. HailBot also modifies the go-live data packet of the original Mirai, so its traffic, together with the "hail china mainland" console string printed upon successful compromise of a system, serves as a unique identifier.

Researchers also discovered additional malware samples linked to the HailBot Mirai variant. These samples included file names with the string "skid", in contrast to the "jkxl" file name primarily found in the JenX malware variant. The HailBot controller's command and control (C&C) infrastructure, with IP addresses 5.181.80.120 and 5.181.80.115, had previously disseminated multiple bait documents carrying the CVE-2017-11882 vulnerability, indicating a history of active cyber threats.

HailBot has exhibited significant activity in its historical operations. Its attack commands and server responses have been documented, providing insight into its operational mechanics. One notable activity is scanning port 23, a common tactic used by botnets to identify vulnerable devices. With this information, cybersecurity firms are better equipped to develop countermeasures against this threat and similar malware variants.
Description last updated: 2024-05-04T17:11:03.630Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
Alias Description: The Mirai Malware is associated with Hailbot. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar
Association Type: is related to
Votes: 2