Sieren Botnet
Sieren is a botnet that can perform distributed denial-of-service (DDoS) attacks by sending floods of HTTP, HTTPS and UDP packets to specified web servers.
At the time of publication it is not known how Sieren initially infects new host devices. When Sieren is executed it sends the following system information to its command and control (C2) server:
- Username
- Machine name
- Operating system version
- Processor architecture
The C2 server responds with a target URL for the DDoS attack. Once the target URL is received, Sieren chooses the most relevant attack method and carries out the attack. Sieren stops the attack when the C2 server stops sending additional commands.
Sieren can also instruct infected hosts to install additional malware, update Sieren or uninstall Sieren.
A Sieren botnet (the one w/ C2 on burgerkingfanbase[.]net) had a task to DDoS forum.exlpoit[.]in…
— MalwareHunterTeam (@malwrhunterteam) 22 November 2018
The domain was registered in past month, and currently behind CF.
🤔 pic.twitter.com/gjXKj8c4S5
Indicators of Compromise
File hash (MD5):
- 320A600147693B3D135ED453FAC42E82
URLs:
- cx93835[.]tmweb.ru/rrljw91zqd.exe
- burgerkingfanbase[.]net/great.php
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.