Linux Trojan - Xorddos with Filename eyshcjdmzg

May 2, 2024, 11:12 a.m.

Description

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysis includes information from sandbox environments and compares findings with other online sandboxes. It aims to provide insights into the tactics, techniques, and procedures employed by this malware campaign.

External References

https://isc.sans.edu/diary/rss/30880
https://otx.alienvault.com/pulse/66329e2d6c3c1f2ec577888d
Tags
linux
phishing
trojan
ddos
xorddos
eyshcjdmzg

Date

  • Created: May 1, 2024, 7:55 p.m.
  • Published: May 1, 2024, 7:55 p.m.
  • Modified: May 2, 2024, 11:12 a.m.

Indicators

  • f0e4649181ee9917f38233a1d7b6cbb98c9f7b484326f80c1bebc1fa3aef0645
  • ecc33502fa7b65dd56cb3e1b6d3bb2c0f615557c24b032e99b8acd40488fad7c
  • ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73
  • cd9bc23360e5ca8136b2d9e6ef5ed503d2a49dd2195a3988ed93b119a04ed3a9
  • b4a86fdf08279318c93a9dd6c61ceafc9ca6e9ca19de76c69772d1c3c89f72a8
  • b39633ff1928c7f548c6a27ef4265cfd2c380230896b85f432ff15c7c819032c
  • 98e53e2d11d0aee17be3fe4fa3a0159adef6ea109f01754b345f7567c92ebebb
  • 218.92.0.60
  • http://lib.xlsxpi.enoan2107.com:112
  • keld@dkuug.dk
  • lib.xlsxpi.enoan2107.com
Download all indicators here!

Attack Patterns

  • Xorddos