EnemyBot is a Linux-based botnet attributed to the threat group Keksec, also known as Kek Security. The group is known for exploiting vulnerabilities to attack multiple architectures with polymorphic tools that include Linux and Windows payloads, as well as custom Python malware, to carry out crypto mining and Distributed Denial of Service (DDoS) attacks. The group adopts a Build, Operate and Distribute model for its operation: enhancing its malware with leaked botnet source code (Mirai and Gafgyt), establishing a botnet to conduct DDoS attacks, and selling the developed malware in underground forums to generate revenue. This research paper outlines the group’s evolution, history of cyberattacks, technical analysis and observed exploits.