Outlaw cybergang attacking targets worldwide
April 29, 2025, 9:52 p.m.
Description
A recent incident response case in Brazil revealed a Perl-based crypto mining botnet called Outlaw, also known as Dota, targeting Linux environments. The threat actor exploits weak SSH credentials, downloads malicious scripts, and deploys an XMRig miner for Monero cryptocurrency. The botnet includes an IRC-based client that acts as a backdoor, allowing for various malicious activities. Victims have been identified mainly in the United States, with additional targets in Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil. The article provides detailed analysis of the malware's components, persistence mechanisms, and evasion techniques. Recommendations for system administrators include hardening SSH configurations and implementing additional security measures to mitigate the risk of compromise.
Date
- Created: April 29, 2025, 4:27 p.m.
- Published: April 29, 2025, 4:27 p.m.
- Modified: April 29, 2025, 9:52 p.m.
Additional Information
- Singapore
- Taiwan
- Italy
- Thailand
- Canada
- Germany
- Brazil
- United States of America