Technology NewsTechnology NewsTechnology News
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Reading: Threat Actors Utilize High-Performance Bots for Cyber Attacks
Share
Font ResizerAa
Technology NewsTechnology News
Font ResizerAa
Search
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Follow US
  • Cookie Policy (EU)
  • Contact
  • About
© 2025 NEWSLINKER - Powered by LK SOFTWARE
Cybersecurity

Threat Actors Utilize High-Performance Bots for Cyber Attacks

Highlights

  • Threat actors abuse high-performance bots for automated cyber attacks.

  • Bondnet uses compromised systems as Command and Control servers.

  • Cloudflare tunneling client plays a crucial role in Bondnet's strategy.

Kaan Demirel
Last updated: 14 June, 2024 - 2:46 pm 2:46 pm
Kaan Demirel 12 months ago
Share
SHARE

Cybersecurity researchers have pinpointed how threat actors are leveraging high-performance bots to execute large-scale automated attacks. These bots, known for their efficiency, can inundate systems, pilfer information, and autonomously carry out sophisticated cyber operations. The recent activities of a group known as Bondnet have been particularly notable in this regard.

Contents
Technical AnalysisIndicators of Compromise (IOCs)

Launched in 2017, Bondnet is a threat actor group that uses backdoors and cryptocurrency miners to infiltrate systems. The group recently updated its tactics, configuring reverse RDP environments on high-performance, compromised devices to use them as Command and Control (C2) servers. This involved modifying open-source reverse proxy tools and embedding their own proxy server information.

Technical Analysis

Bondnet’s approach included setting up an FRP-based reverse RDP environment. They also ran programs like the Cloudflare tunneling client on compromised targets to ensure remote access. By linking these systems to the Cloudflare-hosted C2 domain, Bondnet maintained control over valuable compromised resources.

One of the tools used in these operations was HFS, which provided file server services on TCP port 4000. This software resembled Bondnet’s Command and Control infrastructure but encountered environmental issues, preventing full observation of its transition into a C2 node. Despite these issues, evidence suggested that Bondnet aimed to exploit these high-speed systems as part of their C2 infrastructure.

Bondnet’s strategy involved using the Cloudflare tunneling client and HFS program to connect compromised systems with their C2 domain. While no data exfiltration or lateral movement was detected, the HFS program’s user interface hinted at its intended use. However, the HFS program did not function correctly during analysis, leading Bondnet to potentially use another compromised bot with different tools.

Indicators of Compromise (IOCs)

MD5s:

  • D6B2FEEA1F03314B21B7BB1EF2294B72 (smss.exe)
  • 2513EB59C3DB32A2D5EFBEDE6136A75D (mf)
  • E919EDC79708666CD3822F469F1C3714 (hotfixl.exe)
  • 432BF16E0663A07E4BD4C4EAD68D8D3D (main.exe)
  • 9B7BE5271731CFFC51EBDF9E419FA7C3 (dss.exe)
  • 7F31636F9B74AB93A268F5A473066053 (BulletsPassView64.exe)
  • D28F0CFAE377553FCB85918C29F4889B (VNCPassView.exe)
  • 6121393A37C3178E7C82D1906EA16FD4 (PstPassword.exe)
  • 0753CAB27F143E009012053208B7F63E (netpass64.exe)
  • 782DD6152AB52361EBA2BAFD67771FA0 (mailpv.exe)
  • 8CAFDBB0A919A1DE8E0E9E38F8AA19BD (PCHunter32.exe)
  • 00FA7F88C54E4A7ABF4863734A8F2017 (fast.exe)
  • AD3D95371C1A8465AC73A3BC2817D083 (kit.bat)
  • 15069DA45E5358578105F729EC1C2D0B (zmass_2.bat)
  • 28C2B019082763C7A90EF63BFD2F833A (dss.bat)
  • 5410539E34FB934133D6C689072BA49D (mimikatz.exe)
  • 59FEB67C537C71B256ADD4F3CBCB701C (ntuser.cpl)
  • 0FC84B8B2BD57E1CF90D8D972A147503 (httpd.exe)
  • 057D5C5E6B3F3D366E72195B0954283B (check.exe)
  • 35EE8D4E45716871CB31A80555C3D33E (UpSql.exe)
  • 1F7DF25F6090F182534DDEF93F27073D (svchost.exe)
  • DC8A0D509E84B92FBF7E794FBBE6625B (svchost.com)
  • 76B916F3EEB80D44915D8C01200D0A94 (RouterPassView.exe)
  • 44BD492DFB54107EBFE063FCBFBDDFF5 (rdpv.exe)
  • E0DB0BF8929CCAAF6C085431BE676C45 (mass.dll)
  • DF218168BF83D26386DFD4ECE7AEF2D0 (mspass.exe)
  • 35861F4EA9A8ECB6C357BDB91B7DF804 (pspv.exe)

URLs and C2s:

  • 223.223.188[.]19
  • 185.141.26[.]116/stats.php
  • 185.141.26[.]116/hotfixl.ico
  • 185.141.26[.]116/winupdate.css
  • 84.46.22[.]158:7000
  • 46.59.214[.]14:7000
  • 46.59.210[.]69:7000
  • 47.99.155[.]111
  • d.mymst[.]top
  • m.mymst[.]top
  • frp.mymst007[.]top
You can follow us on Youtube, Telegram, Facebook, Linkedin, Twitter ( X ), Mastodon and Bluesky

You Might Also Like

Attackers Target Ivanti EPMM Flaws, Breaching Major Sectors

Russian Cyber Group Strikes NATO and Ukraine, Hits Key Sectors

International Sting Disrupts Core Ransomware Infrastructure

Authorities Disrupt DanaBot Cybercrime Network with Global Effort

Global Operation Disrupts 10 Million Device Malware Network

Share This Article
Facebook Twitter Copy Link Print
Kaan Demirel
By Kaan Demirel
Kaan Demirel is a 28-year-old gaming enthusiast residing in Ankara. After graduating from the Statistics department of METU, he completed his master's degree in computer science. Kaan has a particular interest in strategy and simulation games and spends his free time playing competitive games and continuously learning new things about technology and game development. He is also interested in electric vehicles and cyber security. He works as a content editor at NewsLinker, where he leverages his passion for technology and gaming.
Previous Article Hubble Observes Ancient NGC 2005 Globular Cluster
Next Article Recover Deleted Files on Mac Using Multiple Methods

Stay Connected

6.2kLike
8kFollow
2.3kSubscribe
1.7kFollow

Latest News

Nvidia Targets Budget Gaming Laptops with New RTX 5050 Launch
Computing
Analyst Cites Concerns as Future Fund Sells All Tesla Shares
Electric Vehicle
Google Detects Chinese-Linked Cyber Attacks Using Calendar Service
Technology
Tesla Brings iPhone Live Charging Updates to Supercharger Users
Apple Electric Vehicle
Salesforce Bets on Informatica to Boost Enterprise AI Capabilities
AI
NEWSLINKER – your premier source for the latest updates in ai, robotics, electric vehicle, gaming, and technology. We are dedicated to bringing you the most accurate, timely, and engaging content from across these dynamic industries. Join us on our journey of discovery and stay informed in this ever-evolving digital age.

ARTIFICAL INTELLIGENCE

  • Can Artificial Intelligence Achieve Consciousness?
  • What is Artificial Intelligence (AI)?
  • How does Artificial Intelligence Work?
  • Will AI Take Over the World?
  • What Is OpenAI?
  • What is Artifical General Intelligence?

ELECTRIC VEHICLE

  • What is Electric Vehicle in Simple Words?
  • How do Electric Cars Work?
  • What is the Advantage and Disadvantage of Electric Cars?
  • Is Electric Car the Future?

RESEARCH

  • Robotics Market Research & Report
  • Everything you need to know about IoT
  • What Is Wearable Technology?
  • What is FANUC Robotics?
  • What is Anthropic AI?
Technology NewsTechnology News
Follow US
About Us   -  Cookie Policy   -   Contact

© 2025 NEWSLINKER. Powered by LK SOFTWARE
Welcome Back!

Sign in to your account

Register Lost your password?