DarkSky

Discovered by Radware Threat Research, DarkSky is a botnet that is capable of downloading malware, conducting a number of network and application-layer distributed denial-of-service (DDoS) attacks, and detecting and evading security controls, such as sandboxes and virtual machines.

JenX

Discovered in 2018 by Radware researchers, JenX is a botnet that advertises the ability to perform query floods, attacks against NFO gaming servers, attacks against OVH, and attacks against TeamSpeak3 (TS3), an app used for voice and text chat. JenX also boasts the ability to perform DDoS attacks that exceed 1 terabyte per second (Tbps).

DDG

First detected in 2016, DDG is a Monero-mining botnet that targets Redis servers via brute-force attacks against SSH port 22 and OrientDB servers via the CVE-2017-11467 remote code execution vulnerability.

Smominru

Smominru is a botnet that, at the time of writing, comprises over 526,000 Windows computers, primarily Windows servers. Although it has been observed delivering a variety of malware to vulnerable systems, such as Mirai DDoS malware and other trojans, its primary function is to generate profit for its operator(s) by mining cryptocurrency on infected systems.

Masuta

Researchers at NewSky Security discovered Masuta, a malware family developed from the source code of Mirai and likely developed by the creator of Satori known as "Nexus Zeta." From Masuta, a second version was created, dubbed PureMasuta, which leverages a flaw in the HNAP protocol in D-Link routers that was originally identified in 2015.

Satori

In late November 2017, Check Point analysts discovered Satori, a malware family developed from the source code of Mirai, engaging in bot activity, flooding targets with manually crafted UDP or TCP packets.

Fast Flux

Fast Flux is a multi-purpose botnet that is currently comprised of over 14,000 IP addresses and is used to host phishing sites, malware-embedded sites, C2 servers, and to conduct activities such as web scraping, SQL injections, and brute-force attacks against targets.

Flusihoc

Flusihoc is a DDoS botnet that was first observed in 2015. It targets systems running Windows OS and is thought to be responsible for more than 900 DDoS attacks from June through September 2017.

Linux.ProxyM

Linux.ProxyM is a trojan that targets Linux-based devices using default login credentials. It is capable of infecting devices running on different architectures such as x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 6800, and SPARC.

RouteX

RouteX is a Russian-owned botnet named after the malware used to infect Netgear routers and turn them into SOCKS proxies used to conduct credential stuffing attacks.

WireX

WireX is a large botnet that leverages Android-powered mobile devices to perform distributed denial-of-service (DDoS) attacks on targets. Network traffic generated by WireX was discovered by researchers on August 2, 2017, and the source of the malware infections that formed the botnet was traced to approximately 300 mobile apps available for download on the Google Play Store.

Stantinko

Stantinko is a massive and sophisticated adware botnet primarily targeting users in Russia and Ukraine. It is estimated to include approximately 500,000 infected systems at the time of this post.

Zyklon

Zyklon, also known as Zyklon HTTP, is a sophisticated botnet that is capable of performing various types of DDoS attacks such as HTTP flood, TCP flood, UDP flood, SYN flood, and Slowloris.
