Pushdo

Malware updated 5 months ago (2024-05-04T20:42:20.712Z)
Pushdo is malware that has been associated with a range of cyber attacks and malicious activity. First recognized in 2013, Pushdo was identified as the most widespread "bad bot", infecting over 4.2 million IPs, including those of private companies, government agencies, and military networks. Its primary function was to distribute spam and deliver malicious Trojans, much like the bots of the early 2000s. It is also known for its connection with the Cutwail botnet, a network of infected computers used to send spam email or carry out other forms of cybercrime. Over the years, Pushdo has been used alongside various malware and tools frequently linked with ITG23-related attacks. Notably, in the past year it has been used with Forest, a tool associated with several malware families including Bumblebee, IcedID, Cobalt Strike, Qakbot, and Pikabot, which suggests a close relationship between these actors. Pushdo has also been deployed with Gozi loaders distributed by the Cutwail botnet, further solidifying its connection to that network. In 2023, Pushdo was observed in use together with the Dave and Forest crypters. A crypter is a tool that encrypts, obfuscates, and otherwise manipulates malware to make it harder to detect or reverse engineer. A custom crypter was also discovered in use with both TrickLoader and Vawtrak, along with Pushdo and Cutwail. This highlights the evolving sophistication of these tools and their ability to integrate with one another to increase their effectiveness and evade detection.
Description last updated: 2024-01-06T09:36:51.566Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following overlapping names and profiles may also be worth reviewing.
Alias and description
Cutwail is a possible alias for Pushdo. Cutwail is a notorious malware that has been associated with various botnets, including Necurs, Andromeda, and Dridex, at different stages of their lifecycle. It has been implicated in the distribution of malicious payloads such as IcedID, Gozi, and Pushdo, often using crypters like Hexa, Forest, Sn
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Botnet
Source Document References
Information about the Pushdo malware was drawn from the source documents corpus.