elf.kaiji

Kaiji


Kaiji surfaced in late April 2020. Intezer describes it as DDoS malware written in Go that spreads through SSH brute-force attacks. Recovered function names are an English representation of Chinese words, hinting at the origin. The name Kaiji was given by MalwareMustDie, based on strings found in samples.

References
2020-12-21, Intezer, Intezer
Top Linux Cloud Threats of 2020
https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/ (English, accessed 2020-12-26)
AgeLocker Anchor_DNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT

2020-06-22, Trend Micro, Augusto Remillano II
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/ (English, accessed 2020-06-24)
Kaiji XOR DDoS

2020-05-05, Bitdefender, Graham Cluley
Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks
https://www.bitdefender.com/box/blog/iot-news/kaiji-new-strain-iot-malware-seizing-control-launching-ddos-attacks/ (English, accessed 2020-05-06)
Kaiji

2020-05-04, Intezer, Paul Litvak
Kaiji: New Chinese Linux malware turning to Golang
https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ (English, accessed 2020-05-06)
Kaiji

There is no YARA signature yet.