Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

Linux Trojan - Xorddos with Filename eyshcjdmzg

May 2, 2024, 11:12 a.m.

Description

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysis includes information from sandbox environments and compares findings with other online sandboxes. It aims to provide insights into the tactics, techniques, and procedures employed by this malware campaign.

Date

Published: May 1, 2024, 7:55 p.m.

Created: May 1, 2024, 7:55 p.m.

Modified: May 2, 2024, 11:12 a.m.

Indicators

f0e4649181ee9917f38233a1d7b6cbb98c9f7b484326f80c1bebc1fa3aef0645

ecc33502fa7b65dd56cb3e1b6d3bb2c0f615557c24b032e99b8acd40488fad7c

ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73

cd9bc23360e5ca8136b2d9e6ef5ed503d2a49dd2195a3988ed93b119a04ed3a9

b4a86fdf08279318c93a9dd6c61ceafc9ca6e9ca19de76c69772d1c3c89f72a8

b39633ff1928c7f548c6a27ef4265cfd2c380230896b85f432ff15c7c819032c

98e53e2d11d0aee17be3fe4fa3a0159adef6ea109f01754b345f7567c92ebebb

218.92.0.60

http://lib.xlsxpi.enoan2107.com:112

keld@dkuug.dk

lib.xlsxpi.enoan2107.com

Attack Patterns

Xorddos

T1052

T1081

T1008

T1583

T1213

T1189

T1614

T1083

T1071

T1593

T1098

T1078