HailBot, a variant of the Mirai botnet, gained prominence in 2023 because of how quickly it spreads and infects systems. It has been involved in large-scale attacks, notably on the Chinese AI startup DeepSeek. The botnet is designed to eliminate other botnets and competing processes on infected hosts, focusing solely on executing DDoS attacks. Affected: Chinese AI startup, cybersecurity sector
Key points:
- HailBot is a variant of the Mirai botnet.
- It became prominent in 2023 for the speed of its delivery and infection.
- A large-scale attack on the Chinese AI startup Deepseek occurred recently.
- HailBot is distributed as an ELF executable compiled for ARM.
- MD5 hash of HailBot is 74AE300E854410ABB8C71A9E5C6182FF.
- The botnet terminates other running botnets on the same host.
- It hides its processes to avoid detection.
- HailBot supports TCP and UDP DDoS attacks with over 10 attack methods.
- It focuses solely on DDoS attacks and omits additional functions such as telnet brute forcing.
MITRE Techniques:
- T1499 – Endpoint Denial of Service: HailBot executes DDoS attacks using multiple methods.
- T1066 – Indicator Removal on Host: HailBot hides its processes to avoid detection.
Indicators of Compromise:
- [MD5] 74AE300E854410ABB8C71A9E5C6182FF
Full Story: https://malwareanalysisspace.blogspot.com/2025/02/hailbot-analysis-other-variants-to-do.html