Zerobot Attack
Released: Dec 27, 2022
Go-based malware exploiting multiple vulnerabilities.
Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities. According to Fortinet's research analysis, the most recent distribution of Zerobot includes additional capabilities, such as new DDoS attack capabilities and exploitation of Apache vulnerabilities.
Common Vulnerabilities and Exposures
CVE-2016-20017
CVE-2017-17105
CVE-2019-10655
CVE-2020-25223
CVE-2021-42013
CVE-2022-31137
CVE-2022-33891
CVE-2022-30525
CVE-2017-17106
Background
In November 2022, FortiGuard Labs observed a unique botnet written in the Go language, known as Zerobot, which contains several modules, including self-replication, attacks for different protocols, and self-propagation. For more information on the Zerobot malware, see the link to the Fortinet blog below. Please note that the Zerobot malware is not related to ZeroBot Chatbot or ZeroBot AI.
Threat Radar Overall Score: 4.6
CVSS Rating | 9.0
Reconnaissance Score | 92/100
KEV Catalog | Yes
EPSS | 98%
FortiGuard Telemetry | 20136
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
December 06, 2022: Fortinet published a security research blog post about Zerobot at https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
December 12, 2022: Microsoft uncovered new Zerobot 1.1 capabilities and published a blog post at https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV
- Vulnerability
- AV (Pre-filter)
- Behavior Detection
- IPS
- Web App Security
- Application Firewall
- Web Filter
- Botnet C&C
- IOC
- Outbreak Detection
- Threat Hunting
- Content Update
- Automated Response
- Assisted Response Services
- InfoSec Services
- Attack Surface Monitoring (Inside & Outside)
AV: Detect and block payloads related to Zerobot Malware
Vulnerability: Detect vulnerable devices related to Zerobot attack
AV (Pre-filter): Detect and block payloads related to Zerobot Malware
Behavior Detection: Behavior Detection Engine detects "ELF/Zerobot.A!tr" as High Risk
IPS: Detect and block Zerobot related attack attempts
Web App Security: Detect and block Zerobot related attack attempts
Application Firewall: Detect and block Zerobot related attack attempts
Web Filter: Blocks known IOCs related to Zerobot Attack
Botnet C&C: Blocks traffic to known Zerobot C2 servers
Outbreak Detection
Threat Hunting
Content Update
Automated Response: Services that can automatically respond to this outbreak.
FortiClient Forensics
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Mitre Matrix
Click here for the ATT&CK Matrix
References
Sources of information in support and relation to this Outbreak and vendor.