GreyNoise Identifies New Scraper Botnet Concentrated in Taiwan
ATT&CK techniques detected
T1584.005 Botnet (37%)
“GreyNoise users can track this botnet variant in the Visualizer or via API. We recommend defenders:
- Block all IPs participating in this botnet variant to prevent automated scraping activity.
- Monitor internal traffic for devices reaching out to or from these IPs.
- Track simila…”
T1584.005 Botnet (30%)
“ports 80-85, evenly distributed.
- User-Agent: Hello-World/1.0
GreyNoise has detected over 3,600 unique IPs matching this signature, geolocated around the world. Of these IPs:
- 1,359 (38%) are classified as malicious.
- 122 (3%) are suspicious.
- 2,114 (59 …”
Summary
GreyNoise has identified a previously untracked variant of a scraper botnet, detectable through a globally unique network fingerprint. To detect it, GreyNoise analysts created a signature using JA4+, the suite of JA4 signatures used to fingerprint network traffic.