ioc[.]one - OSINT Cyber Threat Intelligence Database

Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign

Tags

country:	Germany France Italy United States Of America
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Vulnerabilities - T1588.006 Whois - T1596.002 Denial Of Service

Show in Graph

Common Information

Type	Value
UUID	491948be-4555-437d-a9b6-9169fffc21f4
Fingerprint	a5218f99a01b86ca
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 16, 2023, 1 p.m.
Added to db	Nov. 19, 2023, 12:12 a.m.
Last updated	Nov. 14, 2024, 7:54 p.m.
Headline	Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign
Title	Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign
Detected Hints/Tags/Attributes	82/2/115

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	120	✔	Unit 42	https://feeds.feedburner.com/Unit42	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	4	gcc.pid
Details	Domain	2	ppp.gggatat456.com
Details	Domain	2	ppp.xxxatat456.com
Details	Domain	2	p5.dddgata789.com
Details	Domain	2	p5.lpjulidny7.com
Details	Domain	2	dddgata789.com
Details	Domain	3	xxxatat456.com
Details	Domain	2	name-services.com
Details	Domain	4	aaa.xxxatat456.com
Details	Domain	2	b12.xxxatat456.com
Details	Domain	2	www.ppp.xxxatat456.com
Details	Domain	3	www.xxxatat456.com
Details	Domain	3	gggatat456.com
Details	Domain	4	aaa.gggatat456.com
Details	Domain	3	www1.gggatat456.com
Details	Domain	2	www.ppp.gggatat456.com
Details	Domain	2	lpjulidny7.com
Details	Domain	8	domaincontrol.com
Details	Domain	2	p0.lpjulidny7.com
Details	Domain	2	p2.lpjulidny7.com
Details	Domain	2	p3.lpjulidny7.com
Details	Domain	2	p4.lpjulidny7.com
Details	Domain	2	ddd.dddgata789.com
Details	Domain	2	0o557.com
Details	Domain	2	604418589.xyz
Details	Domain	2	www.98syn.com
Details	Domain	2	aldz.xyz
Details	Domain	2	syn.aldz.xyz
Details	Domain	2	assword.xyz
Details	Domain	3	linux.bc5j.com
Details	Domain	2	cdn.netflix2cdn.com
Details	Domain	2	b12.dddgata789.com
Details	Domain	2	d14.dddgata789.com
Details	Domain	3	ww.dnstells.com
Details	Domain	5	ndns.dsaj2a.com
Details	Domain	5	ndns.dsaj2a.org
Details	Domain	3	gh.dsaj2a1.org
Details	Domain	5	ndns.dsaj2a1.org
Details	Domain	4	www.enoan2107.com
Details	Domain	2	a381422.f3322.net
Details	Domain	2	1107791273.f3322.org
Details	Domain	2	aa369369.f3322.org
Details	Domain	2	shaoqian.f3322.org
Details	Domain	2	xlxl.f3322.org
Details	Domain	2	cdn.finance1num.com
Details	Domain	2	baidu.gddos.com
Details	Domain	2	soft8.gddos.com
Details	Domain	2	b12.gggatat456.com
Details	Domain	2	g14.gggatat456.com
Details	Domain	2	8uc.gwd58.com
Details	Domain	3	ww.gzcfr5axf6.com
Details	Domain	4	www.gzcfr5axf6.com
Details	Domain	3	ww.gzcfr5axf7.com
Details	Domain	5	ndns.hcxiaoao.com
Details	Domain	5	ns1.hostasa.org
Details	Domain	6	ns2.hostasa.org
Details	Domain	6	ns3.hostasa.org
Details	Domain	5	ns4.hostasa.org
Details	Domain	2	linux.jum2.com
Details	Domain	2	2w5.mc150.cn
Details	Domain	3	ww.myserv012.com
Details	Domain	2	nishabud.com
Details	Domain	2	aaaaaaaaaa.re67das.com
Details	Domain	2	ww.s9xk32a.com
Details	Domain	2	ww.s9xk32b.com
Details	Domain	2	ww.s9xk32c.com
Details	Domain	3	ww.search2c.com
Details	Domain	2	ssh.upx.wang
Details	Domain	2	www.wangzongfacai.com
Details	Domain	2	bb.wordpressau.com
Details	Domain	2	bbb.wordpressau.com
Details	Domain	2	xran.xyz
Details	Domain	2	x14.xxxatat456.com
Details	Domain	2	zryl.online
Details	File	3	ww.gz
Details	File	3	www.gz
Details	sha256	1	b8c4d68755d09e9ad47e0fa14737b3d2d5ad1246de5ef1b3c794b1339d8fe9f8
Details	sha256	1	265a38c6dee58f912ff82a4e7ce3a32b2a3216bffd8c971a7414432c5f66ef11
Details	sha256	1	1e823ae1e8d2689f1090b09dc15dc1953fa0d3f703aec682214750b9ef8795f1
Details	sha256	1	989a371948b2c50b1d45dac9b3375cbbf832623b30e41d2e04d13d2bcf76e56b
Details	sha256	1	20f202d4a42096588c6a498ddb1e92f5b7531cb108fca45498ac7cd9d46b6448
Details	sha256	1	9c5fc75a453276dcd479601d13593420fc53c80ad6bd911aaeb57d8da693da43
Details	sha256	1	ce0268e14b9095e186d5d4fe0b3d7ced0c1cc5bd9c4823b3dfa89853ba83c94f
Details	sha256	1	aeb29dc28699b899a89c990eab32c7697679f764f9f33de7d2e2dc28ea8300f5
Details	IPv4	295	8.8.8.8
Details	IPv4	63	8.8.4.4
Details	IPv4	2	142.0.138.41
Details	IPv4	2	142.0.138.42
Details	IPv4	2	142.0.138.43
Details	IPv4	2	142.0.138.44
Details	IPv4	2	142.4.106.73
Details	IPv4	2	142.4.106.75
Details	IPv4	2	192.74.236.33
Details	IPv4	2	192.74.236.34
Details	IPv4	2	192.74.236.35
Details	IPv4	2	142.4.106.74
Details	IPv4	2	142.4.106.76
Details	IPv4	2	192.74.236.36
Details	IPv4	9	34.98.99.30
Details	IPv4	2	23.252.167.35
Details	IPv4	3	66.102.253.30
Details	IPv4	2	98.126.8.114
Details	IPv4	3	103.25.9.245
Details	IPv4	2	103.233.83.245
Details	IPv4	4	103.240.141.50
Details	IPv4	2	104.247.217.167
Details	IPv4	2	113.10.246.145
Details	IPv4	2	119.147.145.198
Details	IPv4	2	162.251.95.209
Details	IPv4	3	174.139.217.145
Details	IPv4	2	183.56.173.144
Details	IPv4	2	183.56.173.156
Details	IPv4	3	183.60.202.2
Details	IPv4	3	183.136.213.96
Details	IPv4	2	203.12.202.137