Sieren Botnet

Sieren is a botnet that performs distributed denial-of-service (DDoS) attacks by flooding web servers chosen by its operator with HTTP and HTTPS requests and with UDP packets.

At the time of publication, Sieren's initial infection vector is not known. When Sieren is executed, it sends the following information about the infected host to its command and control (C2) server:

  • Username
  • Machine name
  • Operating system version
  • Processor architecture

The C2 server responds with the URL of the DDoS target. Once the target URL is received, Sieren selects the attack method it considers most suitable for that target (HTTP, HTTPS or UDP flooding) and begins the attack. The attack continues for as long as the C2 server keeps issuing commands and stops when the server stops sending them.

Through the same C2 channel, operators can also instruct infected hosts to install additional malware, update Sieren, or uninstall it.

Indicators of Compromise

File hash (MD5):

  • 320A600147693B3D135ED453FAC42E82

URLs (defanged with [.]):

  • cx93835[.]tmweb.ru/rrljw91zqd.exe
  • burgerkingfanbase[.]net/great.php
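The indicators above can be turned into a simple hunting check. The Python script below is an added example for this page, not code from the original advisory or from Sieren's authors. It refangs the two published URLs, flags proxy-log entries that hit either the exact URL or just the hostname, and compares MD5 digests against the published sample hash. The proxy-log line format (timestamp, client IP, method, URL, status) and the sample log lines are constructed for the example and do not come from any real product or incident.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Set

# Indicators exactly as published in the advisory above (defanged with "[.]").
SIEREN_MD5: Set[str] = {"320a600147693b3d135ed453fac42e82"}
SIEREN_URLS_DEFANGED: List[str] = [
    "cx93835[.]tmweb.ru/rrljw91zqd.exe",
    "burgerkingfanbase[.]net/great.php",
]


def refang(indicator: str) -> str:
    """Restore a defanged indicator ("[.]", "hxxp") to its live form for matching."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


# Live forms used for comparison: scheme-less URLs and the bare hostnames they contain.
SIEREN_URLS: Set[str] = {refang(u) for u in SIEREN_URLS_DEFANGED}
SIEREN_HOSTS: Set[str] = {u.split("/", 1)[0] for u in SIEREN_URLS}


def md5_of_bytes(data: bytes) -> str:
    """MD5 hex digest of an in-memory blob, for comparison with the published hash."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: str) -> str:
    """MD5 hex digest of a file on disk, read in 1 MiB chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_sieren_hash(digest: str) -> bool:
    """True if a hex MD5 digest equals the published Sieren sample hash (case-insensitive)."""
    return digest.lower() in SIEREN_MD5


# Proxy-log line format assumed for this example (hypothetical, not a real product's format):
#   <timestamp> <client-ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_url(url: str) -> str:
    """Return "url" for an exact indicator hit, "host" for a hostname-only hit, "" for no hit."""
    bare = re.sub(r"^https?://", "", url.strip(), flags=re.IGNORECASE).lower()
    hostport, _, path = bare.partition("/")
    host = hostport.split(":", 1)[0]          # drop an explicit port such as :443
    if f"{host}/{path}" in SIEREN_URLS:
        return "url"
    if host in SIEREN_HOSTS:
        return "host"
    return ""


def scan_proxy_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per log line whose URL or hostname matches a Sieren indicator."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                          # skip lines that are not in the expected format
        reason = classify_url(m.group("url"))
        if reason:
            hits.append({"ts": m.group("ts"), "client": m.group("client"),
                         "url": m.group("url"), "reason": reason})
    return hits


# Constructed sample log lines for the example; not real traffic.
SAMPLE_PROXY_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.5 GET http://cx93835.tmweb.ru/rrljw91zqd.exe 200",
    "2024-01-01T10:00:03Z 10.0.0.5 POST http://burgerkingfanbase.net/great.php 200",
    "2024-01-01T10:00:05Z 10.0.0.7 GET http://www.example.com/index.html 200",
    "2024-01-01T10:00:07Z 10.0.0.9 GET http://burgerkingfanbase.net/ 404",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['url']} ({hit['reason']} match)")
```

Two caveats when using this. First, cx93835.tmweb.ru looks like a customer subdomain under a hosting provider's parent domain, so alert on the full hostname rather than on tmweb.ru, or you will flag unrelated customers of the same host. Second, an MD5 hash only identifies the exact sample that was analysed; any rebuilt or repacked binary will have a different digest, so treat a hash hit as confirmation rather than as the primary detection, and lean on the network indicators and on the start-up beacon described above (username, machine name, OS version and processor architecture sent to the C2 server) when hunting.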

Duncan Newell

Duncan is a technology professional with over 20 years' experience in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.
