Technical Analysis of GorillaBot
Common Information
| Type | Value |
|---|---|
| UUID | 0bf4485c-d4f2-4be5-bad3-2d49396e75e4 |
| Fingerprint | aa427ce208e78c5cfaf2759c57da920f71f7b4ab2af9e86b2298af106e9c2ded |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 10, 2024, 8:15 a.m. |
| Added to db | Oct. 14, 2024, 8:28 a.m. |
| Last updated | Oct. 14, 2024, 8:29 a.m. |
| Headline | Technical Analysis of GorillaBot |
| Title | Technical Analysis of GorillaBot |
| Detected Hints/Tags/Attributes | 65/2/66 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 1 | AS215240 |
|
| Details | Autonomous System Number | 1 | AS197414 |
|
| Details | Autonomous System Number | 1 | AS215208 |
|
| Details | Autonomous System Number | 1 | AS401120 |
|
| Details | Autonomous System Number | 3 | AS56971 |
|
| Details | Autonomous System Number | 1 | AS48678 |
|
| Details | Autonomous System Number | 3 | AS198953 |
|
| Details | Autonomous System Number | 1 | AS214943 |
|
| Details | Autonomous System Number | 1 | AS216240 |
|
| Details | Domain | 22 | nsfocusglobal.com |
|
| Details | Domain | 93 | bazaar.abuse.ch |
|
| Details | Domain | 7 | lol.sh |
|
| Details | Domain | 1 | gorillabin.su |
|
| Details | Domain | 15 | network.target |
|
| Details | Domain | 2 | user.target |
|
| Details | Domain | 1 | gorillacnc.su |
|
| Details | Domain | 1 | gorillaservices.su |
|
| Details | Domain | 1 | gorillafirewall.su |
|
| Details | Domain | 1 | gorillaproxy.su |
|
| Details | Domain | 1 | gorilla-api.su |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 29 | urlhaus.abuse.ch |
|
| Details | Domain | 11 | govcert.ch |
|
| Details | Domain | 4126 | github.com |
|
| Details | Domain | 4 | www.ncsc.admin.ch |
|
| Details | 1 | abuse.regsrv@protonmail.com |
||
| Details | 1 | outreach@govcert.ch |
||
| Details | File | 14 | network.tar |
|
| Details | File | 2 | -user.tar |
|
| Details | File | 1 | abuse.reg |
|
| Details | File | 2 | ddos.html |
|
| Details | Github username | 1 | govcert-ch |
|
| Details | sha256 | 2 | 14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f |
|
| Details | IPv4 | 2 | 45.202.35.64 |
|
| Details | IPv4 | 1 | 154.216.17.220 |
|
| Details | IPv4 | 1 | 91.92.246.113 |
|
| Details | IPv4 | 1 | 93.123.85.166 |
|
| Details | IPv4 | 1 | 185.208.158.192 |
|
| Details | IPv4 | 1 | 154.216.19.139 |
|
| Details | IPv4 | 1 | 193.143.1.59 |
|
| Details | IPv4 | 1 | 94.156.177.61 |
|
| Details | IPv4 | 1 | 185.170.144.84 |
|
| Details | IPv4 | 1 | 154.216.17.182 |
|
| Details | IPv4 | 2 | 154.216.18.173 |
|
| Details | IPv4 | 1 | 154.216.19.61 |
|
| Details | IPv4 | 5 | 154.216.20.14 |
|
| Details | IPv4 | 2 | 154.216.20.45 |
|
| Details | IPv4 | 8 | 185.170.144.49 |
|
| Details | IPv4 | 6 | 45.202.35.87 |
|
| Details | IPv4 | 1 | 45.88.88.41 |
|
| Details | IPv4 | 1 | 46.8.69.32 |
|
| Details | IPv4 | 1 | 94.156.177.68 |
|
| Details | IPv4 | 4 | 154.216.19.140 |
|
| Details | IPv4 | 1 | 193.143.1.61 |
|
| Details | IPv4 | 2 | 193.143.1.70 |
|
| Details | IPv4 | 1 | 193.143.1.66 |
|
| Details | IPv4 | 1 | 193.143.1.56 |
|
| Details | IPv4 | 1 | 193.143.1.62 |
|
| Details | IPv4 | 1 | 185.170.144.85 |
|
| Details | IPv4 | 1 | 154.216.19.146 |
|
| Details | IPv4 | 1 | 94.156.177.62 |
|
| Details | Url | 3 | https://nsfocusglobal.com/over-300000-gorillabot-the-new-king-of-ddos-attacks |
|
| Details | Url | 1 | https://bazaar.abuse.ch/sample/0671ab8eb145cea8e6b613b958a817e12d512a24ea1b5 |
|
| Details | Url | 1 | https://urlhaus.abuse.ch/browse/tag/gorillabotnet |
|
| Details | Url | 1 | https://github.com/govcert-ch/cti/tree/main/20241010 |
|
| Details | Url | 2 | https://www.ncsc.admin.ch/ncsc/en/home/cyberbedrohungen/ddos.html |