Symbol: elf.xorddos

XOR DDoS

aka: XORDDOS

Linux DDoS C&C Malware

References
2022-05-19 | Microsoft | Microsoft 365 Defender Research Team
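% Microsoft blog post (2022-05-19) on XorDdos targeting Linux devices.
% The corporate author is double-braced so it is not split into given/family name parts;
% only the case-sensitive words of the title are brace-protected.
@online{team:20220519:rise:2087702,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Rise in {XorDdos}: A deeper look at the stealthy {DDoS} malware targeting {Linux} devices},
  date         = {2022-05-19},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/},
  language     = {English},
  urldate      = {2022-05-20},
}
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices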
XOR DDoS
2022-01-13 | CrowdStrike | Mihai Maganu
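% CrowdStrike blog post (2022-01-13) on the prevalence of Linux-targeted malware in 2021.
% The percent sign in the title is escaped: an unescaped % would start a LaTeX comment
% when the title is typeset and truncate the line.
@online{maganu:20220113:linuxtargeted:66d730c,
  author       = {Maganu, Mihai},
  title        = {{Linux}-Targeted Malware Increases by 35\% in 2021: {XorDDoS}, {Mirai} and {Mozi} Most Prevalent},
  date         = {2022-01-13},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/},
  language     = {English},
  urldate      = {2022-01-18},
}
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent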
Mirai, Mozi, XOR DDoS
2021-09-20 | IBM | IBM SECURITY X-FORCE
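% IBM cloud threat landscape report (2021-09-20).
% The corporate author is double-braced so it is kept as one indivisible name.
% NOTE(review): "SecurityX-Force" in the title is reproduced as listed; it may be missing a space. Confirm against the report.
@online{xforce:20210920:2021:41cf9ce,
  author       = {{IBM SECURITY X-FORCE}},
  title        = {2021 {IBM} {SecurityX-Force} Cloud Threat Landscape Report},
  date         = {2021-09-20},
  organization = {IBM},
  url          = {https://www.ibm.com/downloads/cas/WMDZOWK6?social_post=5483919673&linkId=131648775},
  language     = {English},
  urldate      = {2021-09-22},
}
2021 IBM SecurityX-Force Cloud Threat Landscape Report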
Kaiji, Kinsing, Tsunami, Xanthe, XOR DDoS
2021-07-25 | Max Kersten's Blog | Max Kersten
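% Blog post (2021-07-25) describing a Ghidra script that decrypts a string array in XOR DDoS samples.
% The author is given in "Last, First" form; only the tool and family names in the title are brace-protected.
@online{kersten:20210725:ghidra:00c108d,
  author       = {Kersten, Max},
  title        = {{Ghidra} script to decrypt a string array in {XOR DDoS}},
  date         = {2021-07-25},
  organization = {Max Kersten's Blog},
  url          = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/ghidra-script-to-decrypt-a-string-array-in-xor-ddos/},
  language     = {English},
  urldate      = {2021-08-02},
}
Ghidra script to decrypt a string array in XOR DDoS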
XOR DDoS
2021-03-10 | Intezer | Avigayil Mechtinger, Joakim Kennedy
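% Intezer blog post (2021-03-10) on the RedXOR Linux backdoor; Malpedia also tags it with XOR DDoS.
% The authors are given in "Last, First" form; only proper nouns in the title are brace-protected.
@online{mechtinger:20210310:new:1e588f7,
  author       = {Mechtinger, Avigayil and Kennedy, Joakim},
  title        = {New {Linux} Backdoor {RedXOR} Likely Operated by {Chinese} Nation-State Actor},
  date         = {2021-03-10},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/},
  language     = {English},
  urldate      = {2021-03-11},
}
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor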
RedXOR, XOR DDoS
2021-01-27 | lacework | Chris Hall
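% Lacework blog post (2021-01-27) on the Groundhog botnet infecting cloud hosts.
% The author is given in "Last, First" form; only the botnet name in the title is brace-protected.
@online{hall:20210127:groundhog:ba8acfe,
  author       = {Hall, Chris},
  title        = {{Groundhog} Botnet Rapidly Infecting Cloud},
  date         = {2021-01-27},
  organization = {lacework},
  url          = {https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/},
  language     = {English},
  urldate      = {2021-01-29},
}
Groundhog Botnet Rapidly Infecting Cloud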
XOR DDoS
2020-06-22 | Trend Micro | Augusto Remillano II
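% Trend Micro blog post (2020-06-22) on XORDDoS and Kaiji variants targeting exposed Docker servers.
% The author uses the "Last, Jr, First" form: written as "Augusto Remillano II", the suffix "II"
% is parsed as the family name. The citation key is kept unchanged so existing citations still resolve.
@online{ii:20200622:xorddos:d41d1a7,
  author       = {Remillano, II, Augusto},
  title        = {{XORDDoS}, {Kaiji} Botnet Malware Variants Target Exposed {Docker} Servers},
  date         = {2020-06-22},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/},
  language     = {English},
  urldate      = {2020-06-24},
}
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers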
Kaiji, XOR DDoS
2020-04-07 | Blackberry | Blackberry Research
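% Blackberry report (2020-04-07) on cross-platform APT espionage against Linux, Windows and Android.
% The corporate author is double-braced so it is not parsed as first="Blackberry", last="Research".
@techreport{research:20200407:decade:6441e18,
  author      = {{Blackberry Research}},
  title       = {Decade of the {RATS}: Cross-Platform {APT} Espionage Attacks Targeting {Linux}, {Windows} and {Android}},
  date        = {2020-04-07},
  institution = {Blackberry},
  url         = {https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-decade-of-the-rats.pdf},
  language    = {English},
  urldate     = {2020-08-10},
}
Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android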
Penquin Turla, XOR DDoS, ZXShell
2018-11-29 | NSFOCUS | haoming
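% NSFOCUS blog post (2018-11-29) analysing the Xorddos malware family.
% The single-token author handle is kept as listed; only the family name in the title is brace-protected.
@online{haoming:20181129:analysis:6192262,
  author       = {haoming},
  title        = {Analysis Report of the {Xorddos} Malware Family},
  date         = {2018-11-29},
  organization = {NSFOCUS},
  url          = {https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/},
  language     = {English},
  urldate      = {2020-01-06},
}
Analysis Report of the Xorddos Malware Family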
XOR DDoS
2016-03-18 | Wikipedia | Various
% Wikipedia article on Xor DDoS, dated 2016-03-18 and retrieved 2020-01-09.
% The title is a malware name throughout, so the inner braces protect its casing in full.
@online{various:20160318:xor:09f92e3,
  author       = {Various},
  title        = {{Xor DDoS}},
  date         = {2016-03-18},
  organization = {Wikipedia},
  url          = {https://en.wikipedia.org/wiki/Xor_DDoS},
  language     = {English},
  urldate      = {2020-01-09},
}
Xor DDoS
XOR DDoS
2015-12-03 | 360 Internet Security Center | Ya Liu
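% Paper (2015-12-03, hosted on botconf.eu) on classifying unknown bots by their REGISTER messages.
% The author is given in "Last, First" form; "REGISTER" is brace-protected to keep its capitals.
@techreport{liu:20151203:automatically:7e1f412,
  author      = {Liu, Ya},
  title       = {Automatically Classifying Unknown Bots by The {REGISTER} Messages},
  date        = {2015-12-03},
  institution = {360 Internet Security Center},
  url         = {https://www.botconf.eu/wp-content/uploads/2015/12/OK-P13-Liu-Ya-Automatically-Classify-Unknown-Bots-by-The-Register-Messages.pdf},
  language    = {English},
  urldate     = {2023-07-24},
}
Automatically Classifying Unknown Bots by The REGISTER Messages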
MrBlack, XOR DDoS, DarkShell
2015-10 | Check Point | Stanislav Skuratovich, Aliaksandr Trafimchuk
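% Check Point threat-intelligence report (2015-10) on the Groundhog campaign against Linux servers.
% The authors are given in "Last, First" form; only proper nouns in the title are brace-protected.
@techreport{skuratovich:201510:digging:7c4fa84,
  author      = {Skuratovich, Stanislav and Trafimchuk, Aliaksandr},
  title       = {Digging for {Groundhogs}: Holes in your {Linux} server},
  date        = {2015-10},
  institution = {Check Point},
  url         = {https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf},
  language    = {English},
  urldate     = {2020-01-08},
}
Digging for Groundhogs: Holes in your Linux server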
XOR DDoS
2015-09-25 | Blaze's Security Blog | BartBlaze
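% Blog post (2015-09-25) with analyst notes on Linux/Xor.DDoS.
% The single-token author handle is kept as listed; the detection name in the title is brace-protected as one unit.
@online{bartblaze:20150925:notes:79b37fe,
  author       = {BartBlaze},
  title        = {Notes on {Linux/Xor.DDoS}},
  date         = {2015-09-25},
  organization = {Blaze's Security Blog},
  url          = {https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html},
  language     = {English},
  urldate      = {2020-01-08},
}
Notes on Linux/Xor.DDoS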
XOR DDoS
2015-09 | Virus Bulletin | Peter Kálnai, Jaromír Hořejší
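% Virus Bulletin conference paper (2015-09) on DDoS trojans in the ELF format.
% The authors are given in "Last, First" form, with UTF-8 kept as in the listing.
% The acronyms are brace-protected so a sentence-casing style cannot lowercase them.
@techreport{klnai:201509:ddos:21c35c6,
  author      = {Kálnai, Peter and Hořejší, Jaromír},
  title       = {{DDOS} TROJAN: A MALICIOUS CONCEPT THAT CONQUERED THE {ELF} FORMAT},
  date        = {2015-09},
  institution = {Virus Bulletin},
  url         = {https://www.virusbulletin.com/uploads/pdf/conference/vb2015/KalnaiHorejsi-VB2015.pdf},
  language    = {English},
  urldate     = {2023-08-31},
}
DDOS TROJAN: A MALICIOUS CONCEPT THAT CONQUERED THE ELF FORMAT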
Bashlite, MrBlack, XOR DDoS, BillGates
2015-02-05 | FireEye | Michael Lin, Derek Gooley
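% FireEye blog post (2015-02-05) on a brute-force campaign; Malpedia tags it with XOR DDoS.
% The authors are given in "Last, First" form; the company name in the title is brace-protected as one unit.
@online{lin:20150205:anatomy:91eb612,
  author       = {Lin, Michael and Gooley, Derek},
  title        = {Anatomy of a Brute Force Campaign: The Story of {Hee Thai Limited}},
  date         = {2015-02-05},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html},
  language     = {English},
  urldate      = {2019-12-20},
}
Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited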
XOR DDoS
2015-01-06 | Avast | Peter Kálnai
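% Avast blog post (2015-01-06) on a Linux DDoS trojan that hides itself with an embedded rootkit.
% The author is given in "Last, First" form; only "Linux" and "DDoS" in the title are brace-protected.
@online{klnai:20150106:linux:d8e30ec,
  author       = {Kálnai, Peter},
  title        = {{Linux} {DDoS} Trojan hiding itself with an embedded rootkit},
  date         = {2015-01-06},
  organization = {Avast},
  url          = {https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/},
  language     = {English},
  urldate      = {2020-02-25},
}
Linux DDoS Trojan hiding itself with an embedded rootkit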
XOR DDoS
2014-09-29 | MalwareMustDie | unixfreaxjp
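% MalwareMustDie blog post (2014-09-29), report MMD-0028-2014 on Linux/XOR.DDoS.
% Only the report identifier, detection name and proper nouns in the title are brace-protected.
% NOTE(review): the listed URL is plain http; confirm that an https form resolves before changing it.
@online{unixfreaxjp:20140929:mmd00282014:b04578f,
  author       = {unixfreaxjp},
  title        = {{MMD-0028-2014} - {Linux/XOR.DDoS}: Fuzzy reversing a new {China} {ELF}},
  date         = {2014-09-29},
  organization = {MalwareMustDie},
  url          = {http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html},
  language     = {English},
  urldate      = {2019-11-27},
}
MMD-0028-2014 - Linux/XOR.DDoS: Fuzzy reversing a new China ELF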
XOR DDoS

There is no YARA signature yet.