Once thought to be defunct, the resilient Pushdo botnet has resurfaced, with infections observed in more than 50 countries and a substantial share of those infections located in the Asia-Pacific region. Based on data aggregated from a controlled sinkhole, Fidelis Cybersecurity has observed notable changes in the primary command and control (C&C) channel and has conducted in-depth analysis of the secondary C&C Domain Generation Algorithm (DGA). To support network defenders, Fidelis Cybersecurity is offering a new, free data feed of verified indicators for the detection and mitigation of Pushdo. Our intention in revealing these details is to enable widespread detection and remediation of this threat, and to force a comprehensive retooling exercise on the operators of the Pushdo botnet.