Symbol: win.dosia

Dosia

aka: DDOSIA

Actor(s): NoName057(16)


There is no description at this point.

References
2023-06-29 | Sekoia | sekoia
Following NoName057(16) DDoSia Project’s Targets
Tags: Dosia

2023-05-08 | Viuleeenz | Alessandro Strino
Extracting DDosia targets from process memory
Tags: Dosia

2023-04-18 | Avast Decoded | Martin Chlumecký
DDosia Project: How NoName057(16) is trying to improve the efficiency of DDoS attacks
Tags: Dosia

2023-04-17 | B42 Labs | Luca Mella
Data Insights from Russian Cyber Militants: NoName05716
Tags: Dosia

2023-04-17 | BE42LATE | B42 Labs
Noname057(16) Attack Tracker
Tags: Dosia

2023-04-04 | Team Cymru | S2 Research Team, Team Cymru
A Blog with NoName
Tags: Dosia

2023-01-12 | Sentinel LABS | Aleksandar Milenkoski, Tom Hegel
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
Tags: Bobik, Dosia, NoName057(16)

Yara Rules
[TLP:WHITE] win_dosia_w0 (20230615 | No description)
rule win_dosia_w0 {
    meta:
        author = "B42 Labs"
        date = "2023-04-13"
        hash_md5 = "ac0d5e1ec2664ad36db8877078bcf6c3"
        tlp = "CLEAR"
        yarahub_license = "CC0 1.0"
        yarahub_reference_md5 = "ac0d5e1ec2664ad36db8877078bcf6c3"
        yarahub_rule_matching_tlp = "CLEAR"
        yarahub_rule_sharing_tlp = "CLEAR"
        yarahub_uuid = "873ebbf5-9f83-4cf5-9670-b159211dd3c2"
        
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.dosia"
        malpedia_version = "20230615"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
        
    strings:
        $s_0 = "HttpJob" wide ascii
        $s_1 = "SayHallo" wide ascii
        $s_2 = "StartJob" wide ascii
        $s_3 = "FastRequest" wide ascii
        $s_4 = "SetStatToBot" wide ascii
        $s_5 = "GetTargets" wide ascii

    condition:
        filesize < 10MB and (5 of ($s_*))
}