{"id":6674,"date":"2024-10-15T15:53:54","date_gmt":"2024-10-15T18:53:54","guid":{"rendered":"https:\/\/base4sec.com\/sin-categorizar\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/"},"modified":"2025-02-26T15:59:07","modified_gmt":"2025-02-26T18:59:07","slug":"gorillabot-una-botnet-en-expansion","status":"publish","type":"post","link":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/","title":{"rendered":"GorillaBot: An Expanding Botnet"},"content":{"rendered":"<p>GorillaBot is a botnet, which means a network of compromised devices remotely controlled by<br \/>\ncybercriminals. It typically operates by infecting vulnerable systems, which are then used to execute<br \/>\nvarious malicious tasks without the knowledge of the device owners. Botnets are often used for<br \/>\nlarge-scale attacks, such as distributed denial of service (DDoS), in which multiple compromised<br \/>\ndevices flood a target system with traffic, causing it to crash or become unavailable.<br \/>\nOne of GorillaBot's key features is its ability to control a large number of infected devices, which can<br \/>\ninclude computers, servers and even Internet of Things (IoT) devices such as routers and smart<br \/>\nhome appliances. The pervasive nature of these devices, combined with often lax security<br \/>\nmeasures, makes them attractive targets for botnet infections.<br \/>\nThis botnet operates under a command and control (C2) structure, allowing attackers to issue<br \/>\ncommands to all infected systems at once. This centralized management makes it easy for botnet<br \/>\noperators to coordinate attacks, steal sensitive data or distribute additional malware to infected<br \/>\nmachines.<br \/>\nGorillaBot from a technical point of view<br \/>\nGorillaBot operates as a sophisticated botnet, leveraging a multi-layered architecture designed to<br \/>\ncontrol and exploit a large network of compromised devices. 
Its core functionality revolves around<br \/>\nusing these devices to perform malicious activities, often at the behest of a central command and<br \/>\ncontrol (C2) server. GorillaBot typically communicates with its C2 server through encrypted<br \/>\nchannels, making it difficult for cybersecurity defenses to detect and analyze its traffic patterns.<br \/>\nThe botnet typically spreads through common infection vectors, such as exploiting vulnerabilities in<br \/>\nInternet services or using brute force attacks to compromise insecure systems. Once a device is<br \/>\ninfected, GorillaBot installs itself in such a way that it goes undetected by security software, often<br \/>\nusing techniques such as rootkits or obfuscation.<br \/>\nIts modular design allows it to quickly adapt to new scenarios, meaning GorillaBot can be upgraded<br \/>\nwith new capabilities, such as launching distributed denial-of-service (DDoS) attacks, stealing<br \/>\nsensitive information or deploying additional malware. It often operates in conjunction with other<br \/>\nforms of malware, creating a layered threat that is difficult to completely eradicate.<\/p>\n<p>It also uses a combination of persistence techniques to maintain its position on a compromised<br \/>\nsystem, including scheduled tasks, manipulation of system services, or fileless persistence methods<br \/>\nthat upload its malicious payload directly into memory. This allows it to survive system reboots or<br \/>\ntraditional cleanup methods, making it extremely difficult to remove manually without specialized<br \/>\ntools.<br \/>\nCommunication between individual botnet components and the C2 server typically uses techniques<br \/>\nsuch as domain generation algorithms (DGA) to create constantly changing domains, which adds<br \/>\nanother layer of obfuscation. 
This approach ensures that if a C2 server goes down, the botnet can<br \/>\nquickly re-establish communication with a new one, maintaining its operational integrity.<br \/>\nIn essence, GorillaBot is a highly adaptable and resilient threat that combines advanced technical<br \/>\nstrategies to spread, hide and persist within infected systems, all while continually evolving to evade<br \/>\ndetection and reinforce its malicious activities.<\/p>\n<p>Comparisons with other botnets<br \/>\nGorillaBot, like many botnets, operates as a network of compromised devices controlled by a single<br \/>\nentity, often for malicious purposes such as launching distributed denial-of-service (DDoS) attacks,<br \/>\ndata theft or spreading malware. Compared to other known botnets, GorillaBot has several<br \/>\ndistinguishing characteristics that set it apart in the cyber threat arena.<br \/>\nFor example, the Mirai botnet, one of the most infamous to date, primarily targeted IoT devices by<br \/>\nexploiting weak security measures such as default credentials. It was responsible for some of the<br \/>\nlargest DDoS attacks in history. GorillaBot, while similar in its ability to leverage large networks of<br \/>\ncompromised devices, can use more advanced techniques, such as encrypted communication<br \/>\nbetween infected devices and their command-and-control servers, making it difficult to detect.<br \/>\nEmotet, another well-known botnet, initially started as a banking Trojan and later evolved into a<br \/>\nmulti-purpose threat, capable of spreading additional malware through malicious payloads. It<br \/>\nbecame very modular, which made it versatile in its attack strategies. 
GorillaBot could be compared<br \/>\nto Emotet in terms of its adaptability, as botnets often evolve over time to incorporate new evasion<br \/>\nand infection tactics.<br \/>\nWhile GorillaBot may not have achieved the same level of notoriety as Mirai or Emotet (although it is<br \/>\nwell on its way to doing so), it could possess specific characteristics or tactics that make it especially<br \/>\ndangerous in specialized environments. For example, some botnets target specific industries or<br \/>\nregions, exploiting unique vulnerabilities that are not as widely exploited by more generalized<br \/>\nbotnets.<br \/>\nOverall, comparing GorillaBot to other botnets such as Mirai and Emotet highlights both common<br \/>\ncharacteristics of botnet operations, such as the use of compromised devices for large-scale attacks,<br \/>\nand the unique evolutions each botnet undergoes to adapt to the changing cybersecurity threat<br \/>\nlandscape. Understanding these differences is critical to developing effective defensive strategies<br \/>\nagainst GorillaBot and similar threats.<\/p>\n<p>Detection and mitigation strategies<br \/>\nDetecting and mitigating GorillaBot (like almost all botnets) requires a combination of proactive<br \/>\nmonitoring, advanced threat detection tools and strong cybersecurity hygiene. GorillaBot often<br \/>\ninfiltrates systems through vulnerabilities in IoT devices, weak passwords or unpatched software, so<br \/>\nearly detection is crucial to limit its spread.<br \/>\nDetection involves monitoring network traffic for unusual patterns, such as an increase in outbound<br \/>\nconnections to known command and control servers or irregular data flows. Deploying intrusion<br \/>\ndetection systems (IDSs) and intrusion prevention systems (IPSs) can help identify signs of infection<br \/>\nby analyzing network and host activity. 
In addition, threat intelligence feeds that are regularly<br \/>\nupdated with the latest information can alert administrators to potential threats.<br \/>\nMitigation focuses on isolating infected systems to prevent further spread, followed by a complete<br \/>\nremoval of the malware from the botnet. This process typically involves:<\/p>\n<p>\u25cf Network segmentation: Limit the movement of malicious traffic by isolating infected devices from the rest of the network.<br \/>\n\u25cf Device hardening: Ensure that all devices, especially IoT devices, have strong, unique<br \/>\npasswords and updated firmware.<\/p>\n<p>\u25cf Traffic filtering: Blocking communication with known malicious IPs or domains associated<br \/>\nwith GorillaBot's command and control infrastructure.<\/p>\n<p>\u25cf Automatic patching: Periodic application of security patches to correct vulnerabilities<br \/>\nexploited by botnets.<\/p>\n<p>\u25cf Incident response: Implementation of a clear response plan to remove malware from infected systems and prevent reinfection.<\/p>\n<p>Effective detection and mitigation of GorillaBot depends on continuous vigilance, as the botnet can evolve, using more sophisticated techniques to bypass traditional security measures. Therefore, a layered defense approach, combining monitoring, patching and response, is essential for organizations to protect their networks.<\/p>\n<p>Indicators of Compromise (IOC)<br \/>\nFile Hashes:<br \/>\n276adc6a55f13a229a5ff482e49f3a0b63cbfc2c626da269c67506636bb1ea307f134c477f307652bb884cafe98b0bf23a3be84df2435623132efd1cd9467b1703a59780b4c5a3c990d0031c959bf7cc5b37be51ee3d41c07d02795a853b857715f6a606ab74b66e1f7e4a01b4a6b2d7<\/p>\n<p>Command and control (C2):<br \/>\nGorillaBot has five C2 servers to which it connects, but the exact IP addresses have not been disclosed. 
It uses techniques such as encryption to hide its communications, often employing UDP flooding attacks.<\/p>\n<p>Persistence mechanisms:<br \/>\nOften a script (lol.sh) is used for propagation.<\/p>\n<p>The malware creates a service file (custom.service) in \/etc\/systemd\/system\/ to run at startup, downloading malicious scripts from a remote server.<\/p>\n<p>Exploited vulnerabilities:<br \/>\nIt is known to exploit the Apache Hadoop YARN RPC vulnerability for remote code execution, allowing attackers to gain high-level privileges on compromised systems.<\/p>\n<p>DDoS vectors: GorillaBot uses a wide variety of attack methods, including:<br \/>\nUDP Flood<br \/>\nACK Bypass Flood<br \/>\nVSE Flood<br \/>\nSYN Flood<br \/>\nThe botnet demonstrates strong anti-detection capabilities, including mechanisms to bypass<br \/>\nhoneypots by checking the \/proc file system. This allows it to effectively maintain control over IoT<br \/>\ndevices and cloud environments.<\/p>\n<p>Conclusion<br \/>\nGorillaBot represents a potent and evolving threat within the broader botnet landscape, capable of<br \/>\ncausing significant damage through coordinated attacks. Its architecture is based on a sophisticated<br \/>\ncommand and control infrastructure that allows it to execute a variety of malicious activities, such as<br \/>\nlaunching DDoS attacks, collecting credentials or infiltrating IoT devices. Over the years, GorillaBot<br \/>\nhas been involved in multiple high-profile incidents, highlighting the persistent risk that botnets pose<br \/>\nto both organizations and individuals.<br \/>\nCompared to other notorious botnets, GorillaBot stands out for its ability to exploit vulnerabilities in<br \/>\nunprotected IoT devices and its adaptability to evade detection. This makes it especially dangerous,<br \/>\nas it can quickly compromise systems with weak security configurations. 
Moreover, its evolution<br \/>\nshows how attackers continue to refine their techniques, making detection and prevention<br \/>\nincreasingly difficult.<\/p>\n<p>The best defense against GorillaBot lies in a multi-layered approach to detection and mitigation,<br \/>\nincluding the implementation of IDS\/IPS systems, network segmentation, strong password policies<br \/>\nand regular patching. By providing indicators of compromise (IOCs), organizations can improve their<br \/>\nthreat intelligence and better protect themselves from this and similar threats. Staying vigilant,<br \/>\ncontinually updating defenses and implementing a robust incident response plan are critical steps to<br \/>\nminimize the risks posed by GorillaBot.<br \/>\nAs botnets like GorillaBot evolve, cybersecurity strategies must keep pace, ensuring that the tools<br \/>\nand practices used to detect and mitigate these threats are up-to-date and effective. In this rapidly<br \/>\nchanging landscape, early detection and rapid mitigation remain the most effective ways to limit the<br \/>\ndamage and spread of botnets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GorillaBot is a botnet, which means a network of compromised devices remotely controlled by cybercriminals. It typically operates by infecting vulnerable systems, which are then used to execute various malicious tasks without the knowledge of the device owners. 
Botnets are often used for large-scale attacks, such as distributed denial of service (DDoS), in which multiple [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6669,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_wpcom_ai_launchpad_first_post":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[259],"tags":[],"class_list":["post-6674","post","type-post","status-publish","format-standard","has-post-thumbnail","category-technical-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.9 (Yoast SEO v27.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>GorillaBot: An Expanding Botnet - BASE4 Security<\/title>\n<meta name=\"description\" content=\"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Servicios de CyberSOC, Red Team, GRC y Zero Trust.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GorillaBot: An Expanding Botnet\" \/>\n<meta property=\"og:description\" content=\"An\u00e1lisis t\u00e9cnico y estrategia de ciberseguridad por el equipo de BASE4 Security. 
Insights sobre CyberSOC, Red Team, GRC y Zero Trust para LATAM y Espa\u00f1a.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/\" \/>\n<meta property=\"og:site_name\" content=\"BASE4 Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-15T18:53:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-26T18:59:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/15_10x2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Base4 Security Research\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Base4 Security Research\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/\"},\"author\":{\"name\":\"Base4 Security Research\",\"@id\":\"\\\/#\\\/schema\\\/person\\\/5905e7398728c03dbec3772861bd4f99\"},\"headline\":\"GorillaBot: An Expanding Botnet\",\"datePublished\":\"2024-10-15T18:53:54+00:00\",\"dateModified\":\"2025-02-26T18:59:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/\"},\"wordCount\":1531,\"commentCount\":0,\"publisher\":{\"@id\":\"\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/15_10x2.png\",\"articleSection\":[\"Technical\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/\",\"url\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/\",\"name\":\"GorillaBot: An Expanding Botnet - BASE4 
Security\",\"isPartOf\":{\"@id\":\"\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/15_10x2.png\",\"datePublished\":\"2024-10-15T18:53:54+00:00\",\"dateModified\":\"2025-02-26T18:59:07+00:00\",\"description\":\"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Servicios de CyberSOC, Red Team, GRC y Zero Trust.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#primaryimage\",\"url\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/15_10x2.png\",\"contentUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/15_10x2.png\",\"width\":600,\"height\":600,\"caption\":\"Martin Gelbort (Cybersecurity Researcher &amp; Trainer)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/gorillabot-una-botnet-en-expansion\\\/2024\\\/10\\\/15\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Inicio\",\"item\":\"https:\\\/\\\/base4sec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GorillaBot: An Expanding 
Botnet\"}]},{\"@type\":\"WebSite\",\"@id\":\"\\\/#website\",\"url\":\"\\\/\",\"name\":\"BASE4 Security\",\"description\":\"Your cyber ally\",\"publisher\":{\"@id\":\"\\\/#organization\"},\"alternateName\":\"B4\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"\\\/#organization\",\"name\":\"BASE4 Security\",\"url\":\"\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/Logo_policromo_negativo.png\",\"contentUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/Logo_policromo_negativo.png\",\"width\":372,\"height\":227,\"caption\":\"BASE4 Security\"},\"image\":{\"@id\":\"\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/base4-security\"],\"description\":\"BASE4 Security es una consultora de ciberseguridad B2B con prop\u00f3sito, fundada en Argentina y con operaciones en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. 
Ofrece servicios de CyberSOC, Red Team, GRC, Identity Security, Cloud Security y Application Security para empresas en SOLA y NOLA.\",\"email\":\"info@base4sec.com\",\"telephone\":\"02262653623\",\"legalName\":\"BASE4 Security\",\"foundingDate\":\"2008-01-16\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"51\",\"maxValue\":\"200\"}},{\"@type\":\"Person\",\"@id\":\"\\\/#\\\/schema\\\/person\\\/5905e7398728c03dbec3772861bd4f99\",\"name\":\"Base4 Security Research\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g\",\"caption\":\"Base4 Security Research\"},\"url\":\"https:\\\/\\\/base4sec.com\\\/en\\\/author\\\/cliteplo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GorillaBot: An Expanding Botnet - BASE4 Security","description":"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Servicios de CyberSOC, Red Team, GRC y Zero Trust.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/","og_locale":"en_US","og_type":"article","og_title":"GorillaBot: An Expanding Botnet","og_description":"An\u00e1lisis t\u00e9cnico y estrategia de ciberseguridad por el equipo de BASE4 Security. 
Insights sobre CyberSOC, Red Team, GRC y Zero Trust para LATAM y Espa\u00f1a.","og_url":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/","og_site_name":"BASE4 Security","article_published_time":"2024-10-15T18:53:54+00:00","article_modified_time":"2025-02-26T18:59:07+00:00","og_image":[{"width":600,"height":600,"url":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/15_10x2.png","type":"image\/png"}],"author":"Base4 Security Research","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Base4 Security Research","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#article","isPartOf":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/"},"author":{"name":"Base4 Security Research","@id":"\/#\/schema\/person\/5905e7398728c03dbec3772861bd4f99"},"headline":"GorillaBot: An Expanding 
Botnet","datePublished":"2024-10-15T18:53:54+00:00","dateModified":"2025-02-26T18:59:07+00:00","mainEntityOfPage":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/"},"wordCount":1531,"commentCount":0,"publisher":{"@id":"\/#organization"},"image":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#primaryimage"},"thumbnailUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/15_10x2.png","articleSection":["Technical"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/","url":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/","name":"GorillaBot: An Expanding Botnet - BASE4 Security","isPartOf":{"@id":"\/#website"},"primaryImageOfPage":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#primaryimage"},"image":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#primaryimage"},"thumbnailUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/15_10x2.png","datePublished":"2024-10-15T18:53:54+00:00","dateModified":"2025-02-26T18:59:07+00:00","description":"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. 
Servicios de CyberSOC, Red Team, GRC y Zero Trust.","breadcrumb":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#primaryimage","url":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/15_10x2.png","contentUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/15_10x2.png","width":600,"height":600,"caption":"Martin Gelbort (Cybersecurity Researcher &amp; Trainer)"},{"@type":"BreadcrumbList","@id":"https:\/\/base4sec.com\/en\/technical-en\/gorillabot-una-botnet-en-expansion\/2024\/10\/15\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inicio","item":"https:\/\/base4sec.com\/en\/"},{"@type":"ListItem","position":2,"name":"GorillaBot: An Expanding Botnet"}]},{"@type":"WebSite","@id":"\/#website","url":"\/","name":"BASE4 Security","description":"Your cyber ally","publisher":{"@id":"\/#organization"},"alternateName":"B4","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"\/#organization","name":"BASE4 Security","url":"\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"\/#\/schema\/logo\/image\/","url":"https:\/\/base4sec.com\/wp-content\/uploads\/2024\/10\/Logo_policromo_negativo.png","contentUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2024\/10\/Logo_policromo_negativo.png","width":372,"height":227,"caption":"BASE4 
Security"},"image":{"@id":"\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/base4-security"],"description":"BASE4 Security es una consultora de ciberseguridad B2B con prop\u00f3sito, fundada en Argentina y con operaciones en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Ofrece servicios de CyberSOC, Red Team, GRC, Identity Security, Cloud Security y Application Security para empresas en SOLA y NOLA.","email":"info@base4sec.com","telephone":"02262653623","legalName":"BASE4 Security","foundingDate":"2008-01-16","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"51","maxValue":"200"}},{"@type":"Person","@id":"\/#\/schema\/person\/5905e7398728c03dbec3772861bd4f99","name":"Base4 Security Research","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g","caption":"Base4 Security 
Research"},"url":"https:\/\/base4sec.com\/en\/author\/cliteplo\/"}]}},"jetpack_featured_media_url":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/15_10x2.png","_links":{"self":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts\/6674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/comments?post=6674"}],"version-history":[{"count":2,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts\/6674\/revisions"}],"predecessor-version":[{"id":6677,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts\/6674\/revisions\/6677"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/media\/6669"}],"wp:attachment":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/media?parent=6674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/categories?post=6674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/tags?post=6674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}