Botnet Encyclopedia Archive - Guardicore

Botnet Encyclopedia

Get in-depth analyses of attack campaigns captured by Guardicore Global Sensors Network (GGSN).
Learn about each botnet’s scope, its associated indicators of compromise (IOCs), and the attack flow.

911

911

A long-running campaign in which a Mirai-variant named “Sora” is deployed. The malware scans for additional victims over Telnet port 23.

GhOul

GhOul

This Telnet DDoS campaign is targeting SSH servers and has been active since February 2020.

PLEASE_READ_ME_VVV

PLEASE_READ_ME_VVV

This campaign, unlike many others, is not a cryptomining botnet. Here, the attackers compromise victim machines using MySQL brute force

Smominru

Smominru

The Smominru botnet and its variants MyKings and Hexmen managed to infect thousands of MS-SQL machines on a daily basis

PLEASE_READ_ME

PLEASE_READ_ME

PLEASE_READ_ME_VVV is a mass-scale ransom attack, in which the attackers choose to leave the ransom note within MySQL database tables.

FaNeL

FaNeL

An individual hacker based in Romania is breaching machines over SSH and executing a Monero cryptominer on them.

We strive for cooperation with the cyber threat intelligence community and welcome any contribution, question and suggestion.

.comeet-outer-wrapper{padding:50px;}.comeet-list .comeet-positions-list .positions-row{display:inline-flex;}@media only screen and (max-width: 767px){.comeet-list .comeet-positions-list .positions-row{display:unset;}}@media only screen and (max-width: 767px){.comeet-list .comeet-positions-list .comeet-position-holder{width:100%;}}.comeet-list .comeet-positions-list .comeet-position-holder{display:flex;margin:1%;}.comeet-positions-list .comeet-position-holder a.comeet-position{width:100%;float:left;margin-bottom:3%;padding:20px;box-sizing:border-box;border:1px solid #d5d5d5;min-height:75px;border-radius:2px;box-shadow:0 1px 1px rgba(0,0,0,10%);}.comeet-positions-list .comeet-position-holder a.comeet-position:hover{box-shadow:0 .5rem 1rem rgba(0,0,0,.15) !important;}.comeet-position .comeet-position-name .position-location{display:block;color:#595969;font-size:18px;}.comeet-position .comeet-position-name .position-location:before{width:20px;height:30px;display:inline-block;content:"";background:url("https://cdn-bjkoa.nitrocdn.com/mlIhCHRTfPubLxJNymRbEvENjulcCLLH/assets/static/optimized/rev-e3d4257/wp-content/uploads/location-icon-purple-croped-2.png") no-repeat left bottom;background-size:17px 30px;}.comeet-position .comeet-position-name .position-name{display:block;color:#595969;font-size:1.3em;font-weight:bold;}.comeet-position .comeet-position-meta .position-department{display:block;color:#595969;font-size:1.2em;margin-bottom:20px;}.comeet-position .comeet-position-meta .position-description{display:block;color:#595969;font-size:18px;}.comeet-positions-list .comeet-position-holder a.comeet-position span.purpleBtn{background:#7400ef;color:#fff !important;border-color:#7400ef;padding:5px 30px;font-weight:normal;display:inline-block;margin-top:20px;font-size:16px;}.wp-block-code{background-color:#000;color:#f6f23c;}.fa-angle-left:before{content:url("https://cdn-bjkoa.nitrocdn.com/mlIhCHRTfPubLxJNymRbEvENjulcCLLH/assets/static/source/rev-e3d4257/wp-content/uploads/Vector-5.svg") !important;}p a:hover{color:#370a6f !important;}.elementor-text-editor li a:hover{color:#370a6f !important;}