
Analysis

HinataBot is a Go-based botnet, documented by Akamai in 2023, whose purpose is launching DDoS attacks. It spreads to poorly secured Linux servers and routers by brute-forcing weak remote-access credentials and exploiting known, already-patched software flaws.

Every host that runs the HinataBot binary joins a botnet: a network of compromised machines that the operator controls remotely over a command-and-control (C2) channel. The operator uses that control to direct DDoS attacks; the sampled variants implement HTTP and UDP flooding against targets chosen at C2. The sources for this page describe no cryptocurrency-mining or data-theft component.

Prevention

To avoid a HinataBot infection:

  • Use strong, unique passwords on remote-access services (SSH, Telnet) and management interfaces, since the bot brute-forces weak credentials
  • Enable multi-factor authentication wherever the service supports it
  • Apply software updates promptly, especially on internet-exposed routers and servers, because the bot exploits known flaws that already have patches
  • Install anti-malware software on the servers
  • Monitor network traffic and system logs for anomalies
  • Disable unused services and close unused ports to shrink the attack surface
  • Deploy intrusion detection and prevention systems in front of exposed hosts

Detection

You can use the following methods to find HinataBot on a Linux-based server:

  • Watch system logs, in particular authentication logs for bursts of failed logins that precede a successful one
  • Employ a malware scanner with up-to-date signatures
  • Conduct vulnerability scanning to find the unpatched services the bot exploits
  • Look for odd processes or files, such as binaries or scripts running from temporary directories, and match them against the IOCs below

Indicators of Compromise (IOCs)

Some indicators of compromise (IOCs) related to HinataBot are listed below:

Ports: 61420, 4120

IPs: 77.73.131.247, 156.236.16.237, 185.112.83.254, etc.

File names include: wget.sh, tftp.sh (downloader scripts) and hinata-linux.amd64 (the bot binary).

The bot binaries are named after the platform they were built for (hinata-<os>-<arch>), so many other names exist, such as hinata-windows-arm5, hinata-plan9-arm5, hinata-openbsd-arm5, hinata-netbsd-arm5, and hinata-linux-arm5.

This list of IOCs is not exhaustive, and new indicators will appear as the threat changes. Every organization should monitor for suspicious activity and the HinataBot infection signs above, and act on any that are found.
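The detection steps and the IOCs above can be combined into a single host-hunting script. The Python below is an added example written for this page; it is not code from the original page, from Akamai's report or from the bot itself. The `ss -tnp` output, `ps` output and file paths it scans are constructed samples so that it runs offline, and the check for executables running from temporary directories is an added heuristic, not an indicator taken from the page.

```python
"""Hunt a Linux host for the HinataBot indicators listed on this page.

Added example. Inputs are constructed samples standing in for `ss -tnp`,
`ps -eo pid,comm,args` and a filesystem walk; on a real host, feed the live
command output to the same functions.
"""
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Indicators listed on the page (the page notes the list is not exhaustive).
IOC_IPS = {"77.73.131.247", "156.236.16.237", "185.112.83.254"}
IOC_PORTS = {61420, 4120}
IOC_FILENAMES = {"wget.sh", "tftp.sh"}
# Dropped binaries follow a hinata-<os>-<arch> naming scheme
# (hinata-linux.amd64, hinata-linux-arm5, hinata-plan9-arm5, ...).
HINATA_NAME = re.compile(r"^hinata-[a-z0-9]+[-.][a-z0-9]+$")
# Assumption (added heuristic, not on the page): a server process whose
# executable lives in a world-writable temp directory deserves a look.
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass
class Finding:
    source: str                      # "connection", "process" or "file"
    subject: str                     # the socket line, pid or path that hit
    reasons: List[str] = field(default_factory=list)


def _split_addr(addr: str) -> Tuple[str, Optional[int]]:
    """Split an ss 'ip:port' ('[ipv6]:port') token; '*' ports become None."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def check_connections(ss_output: str) -> List[Finding]:
    """Flag sockets whose peer is an IOC IP or whose local/peer port is an IOC port."""
    findings = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("ESTAB", "SYN-SENT", "LISTEN"):
            continue  # header or unparseable line
        local_ip, local_port = _split_addr(parts[3])
        peer_ip, peer_port = _split_addr(parts[4])
        reasons = []
        if peer_ip in IOC_IPS:
            reasons.append(f"peer {peer_ip} is a listed IOC address")
        for port in (local_port, peer_port):
            if port in IOC_PORTS:
                reasons.append(f"uses listed port {port}")
        if reasons:
            findings.append(Finding("connection", line.strip(), reasons))
    return findings


def check_processes(ps_output: str) -> List[Finding]:
    """Flag processes by bot binary name, IOC script name, or execution from a temp dir."""
    findings = []
    for line in ps_output.splitlines():
        parts = line.split(maxsplit=2)  # pid, comm, args
        if len(parts) < 2 or not parts[0].isdigit():
            continue  # header line
        pid, comm = parts[0], parts[1]
        args = parts[2].split() if len(parts) == 3 else []
        reasons = []
        if HINATA_NAME.match(comm):
            reasons.append(f"command name {comm} matches hinata-<os>-<arch>")
        hit_files = [a for a in args if os.path.basename(a) in IOC_FILENAMES]
        if hit_files:
            reasons.append(f"runs IOC script {hit_files[0]}")
        if args and args[0].startswith(TEMP_DIRS):
            reasons.append(f"executable {args[0]} lives in a temp directory")
        if reasons:
            findings.append(Finding("process", pid, reasons))
    return findings


def check_files(paths: List[str]) -> List[Finding]:
    """Flag paths whose basename is an IOC file name or a hinata-<os>-<arch> binary."""
    findings = []
    for path in paths:
        name = os.path.basename(path)
        if name in IOC_FILENAMES:
            findings.append(Finding("file", path, ["IOC file name"]))
        elif HINATA_NAME.match(name):
            findings.append(Finding("file", path, ["hinata-<os>-<arch> binary name"]))
    return findings


def hunt(ss_output: str, ps_output: str, paths: List[str]) -> List[Finding]:
    """Run all three checks and return every finding."""
    return check_connections(ss_output) + check_processes(ps_output) + check_files(paths)


# --- constructed sample input; these are not real captures ---
SAMPLE_SS = """State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:22 203.0.113.9:51822 users:(("sshd",pid=812,fd=4))
ESTAB 0 0 10.0.0.5:44812 77.73.131.247:61420 users:(("hinata-linux.amd64",pid=2319,fd=3))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=700,fd=6))
"""
SAMPLE_PS = """PID COMMAND ARGS
700 nginx nginx: master process /usr/sbin/nginx
812 sshd sshd: root@pts/0
2319 hinata-linux.amd64 /tmp/hinata-linux.amd64
2320 sh sh /tmp/wget.sh
"""
SAMPLE_PATHS = [
    "/usr/sbin/nginx",
    "/tmp/hinata-linux.amd64",
    "/tmp/wget.sh",
    "/root/.ssh/authorized_keys",
    "/var/tmp/hinata-linux-arm5",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_SS, SAMPLE_PS, SAMPLE_PATHS):
        print(f"[{f.source}] {f.subject}: {'; '.join(f.reasons)}")
```

On a live host, replace the samples with `subprocess.run(["ss", "-tnp"], capture_output=True, text=True).stdout`, the equivalent `ps -eo pid,comm,args` output, and a list built with `os.walk` over the directories you care about (start with the temp directories and home directories, then widen). A socket to a listed IP on a listed port is the strongest signal here; a lone filename match is weaker, since the downloader scripts use generic names, so confirm such hits by inspecting the file before acting.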

Remediation

To remediate a HinataBot infection:

  • Disconnect the infected system from the network so it can neither receive C2 commands nor take part in attacks
  • Kill the bot process and remove the malware files (the dropped hinata-* binary and any downloader scripts such as wget.sh or tftp.sh)
  • Change all credentials used on or stored on the host; the bot brute-forces weak passwords, so assume the old ones are known to the attacker
  • Apply software updates and patches to close the flaws that were exploited, then scan the system for malware again
  • Review the system and network logs to establish how the host was compromised and whether other hosts show the same signs
  • Finally, implement the prevention measures listed above so the host is not re-infected when it is reconnected

Reference

Akamai: Uncovering HinataBot: A Deep Dive into a Go-Based Threat

The Hacker News: New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
