The Elastic Botnet
概要
Novetta has collected and shares within this report evidence that suggests multiple actors,
possibly working independently while sharing information between themselves, are exploiting the Elasticsearch vulnerability primarily to establish widespread DDoS botnet infrastructures. Using both the Elknot and BillGates DDoS malware, these attackers have continued to infect vulnerable Elasticsearch servers in order to enhance their DDoS capabilities. The continuous scanning and exploitation of Elasticsearch servers is the most visible feature of these actors, and some actors have continued to infect and reinfect servers for weeks on end.
Created: 2026-02-23
Indicators
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 16.27
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1608.001 - Upload Malware
- T1587 - Develop Capabilities
- T1588.005 - Exploits
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 3.03
Matched TTPs:
- T1583 - Acquire Infrastructure
MITREへのリンク →
Score: 12.50
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1560 - Archive Collected Data
- T1210 - Exploitation of Remote Services
- T1588.005 - Exploits
MITREへのリンク →
Score: 5.87
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1584.004 - Server
MITREへのリンク →
Score: 3.03
Matched TTPs:
- T1583 - Acquire Infrastructure
MITREへのリンク →
Score: 12.98
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1608.001 - Upload Malware
- T1681 - Search Threat Vendor Data
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 19.84
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1588.006 - Vulnerabilities
- T1608.001 - Upload Malware
- T1584.005 - Botnet
- T1499 - Endpoint Denial of Service
- T1584.004 - Server
MITREへのリンク →
Score: 5.01
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 10.30
Matched TTPs:
- T1588.006 - Vulnerabilities
- T1584.005 - Botnet
- T1584.004 - Server
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1588.006 - Vulnerabilities
MITREへのリンク →
Score: 7.47
Matched TTPs:
- T1583.005 - Botnet
- T1584.005 - Botnet
MITREへのリンク →
Score: 6.44
Matched TTPs:
- T1583.005 - Botnet
- T1560 - Archive Collected Data
MITREへのリンク →
Score: 8.38
Matched TTPs:
- T1586.003 - Cloud Accounts
- T1550.003 - Pass the Ticket
MITREへのリンク →
Score: 7.55
Matched TTPs:
- T1608.001 - Upload Malware
- T1210 - Exploitation of Remote Services
- T1584.004 - Server
MITREへのリンク →
Score: 10.64
Matched TTPs:
- T1608.001 - Upload Malware
- T1176.002 - IDE Extensions
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 4.57
Matched TTPs:
- T1608.001 - Upload Malware
- T1560 - Archive Collected Data
MITREへのリンク →
Score: 6.51
Matched TTPs:
- T1608.001 - Upload Malware
- T1608.006 - SEO Poisoning
MITREへのリンク →
Score: 6.51
Matched TTPs:
- T1608.001 - Upload Malware
- T1137.004 - Outlook Home Page
MITREへのリンク →
Score: 6.11
Matched TTPs:
- T1608.001 - Upload Malware
- T1561.001 - Disk Content Wipe
MITREへのリンク →
Score: 4.72
Matched TTPs:
- T1608.001 - Upload Malware
- T1210 - Exploitation of Remote Services
MITREへのリンク →
Score: 4.57
Matched TTPs:
- T1608.001 - Upload Malware
- T1560 - Archive Collected Data
MITREへのリンク →
Score: 8.41
Matched TTPs:
- T1608.001 - Upload Malware
- T1560 - Archive Collected Data
- T1550.003 - Pass the Ticket
MITREへのリンク →
Score: 5.82
Matched TTPs:
- T1608.001 - Upload Malware
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 4.72
Matched TTPs:
- T1608.001 - Upload Malware
- T1210 - Exploitation of Remote Services
MITREへのリンク →
Score: 8.17
Matched TTPs:
- T1560 - Archive Collected Data
- T1210 - Exploitation of Remote Services
- T1584.004 - Server
MITREへのリンク →
Score: 5.88
Matched TTPs:
- T1560 - Archive Collected Data
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 6.21
Matched TTPs:
- T1560 - Archive Collected Data
- T1584.005 - Botnet
MITREへのリンク →
Score: 13.69
Matched TTPs:
- T1560 - Archive Collected Data
- T1584.004 - Server
- T1027.007 - Dynamic API Resolution
- T1561.001 - Disk Content Wipe
MITREへのリンク →
Score: 5.34
Matched TTPs:
- T1560 - Archive Collected Data
- T1210 - Exploitation of Remote Services
MITREへのリンク →
Score: 5.34
Matched TTPs:
- T1560 - Archive Collected Data
- T1210 - Exploitation of Remote Services
MITREへのリンク →
Score: 5.43
Matched TTPs:
- T1560 - Archive Collected Data
- T1584.004 - Server
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1681 - Search Threat Vendor Data
MITREへのリンク →
Score: 7.13
Matched TTPs:
- T1550.003 - Pass the Ticket
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1578.002 - Create Cloud Instance
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1578.002 - Create Cloud Instance
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.83
Matched TTPs:
- T1588.006 - Vulnerabilities
- T1499 - Endpoint Denial of Service
- T1608.001 - Upload Malware
- T1584.004 - Server
- T1584.005 - Botnet
- T1583 - Acquire Infrastructure
MITREへのリンク →
Score: 0.66
Matched TTPs:
- T1608.001 - Upload Malware
- T1588.005 - Exploits
- T1587 - Develop Capabilities
- T1102.001 - Dead Drop Resolver
- T1583 - Acquire Infrastructure
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1561.001 - Disk Content Wipe
- T1027.007 - Dynamic API Resolution
- T1584.004 - Server
- T1560 - Archive Collected Data
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design