BuleHero Botnet

By GoldSparrow in Botnets

Translate To:

BuleHero is a Botnet that uses a lot of sideway movement modules to install XMRig Miner and Gh0st RAT. In depth research of the malware revealed that BuleHero used Swpuhostd.exe to download a port scanning tool so the botnet could perform a scan, looking for exposed and vulnerable computers connected to the network. Researchers discovered that the threat sequentially scanned for IP addresses with ports 80 and 3389 open. It then saved these results into a Results.txt file.

Consequently, it gave those passwords to PsExec and WMIC, tools that assisted the malware spread to other computers on the same network.The BuleHero botnet is not the only recently found threat known for using sideway motion to spread across a network and infect other computers. Security analysts can help their organizations defend against the BuleHero botnet by leveraging user behavior analytics (UBA) to identify behaviors that could point to potentially malicious activity on the network.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

BuleHero Botnet

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen