Linux Trojan - Xorddos with Filename eyshcjdmzg
May 2, 2024, 11:12 a.m.
Description
This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysis includes information from sandbox environments and compares findings with other online sandboxes. It aims to provide insights into the tactics, techniques, and procedures employed by this malware campaign.
Date
Published: May 1, 2024, 7:55 p.m.
Created: May 1, 2024, 7:55 p.m.
Modified: May 2, 2024, 11:12 a.m.
Indicators
Attack Patterns
Xorddos
T1052
T1081
T1008
T1583
T1213
T1189
T1614
T1083
T1071
T1593
T1098
T1078