Tag: ddos
8 attack reports | 0 vulnerabilities
Attack reports
Bulbature, beneath the waves of GobRAT
This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…
Downloadable IOCs 120
People's Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations
PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…
Downloadable IOCs 169
Derailing the Raptor Train
A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …
Downloadable IOCs 198
CERT-UA Report: UAC-0198: Mass distribution of ANONVNC (MESHAGENT) among government organizations of Ukraine
According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…
Downloadable IOCs 26
New Threat: A Deep Dive Into the Zergeca Botnet
An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…
Downloadable IOCs 13
The Pumpkin Eclipse - Chalubo Malware
Chalubo is a commodity remote access trojan (RAT). First identified in 2018, it employed savvy tradecraft to obfuscate its activity: it removed all files from disk to run in memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…
Downloadable IOCs 176
New Goldoon Botnet Targeting D-Link Devices
In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…
Downloadable IOCs 24
Linux Trojan - Xorddos with Filename eyshcjdmzg
This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…
Downloadable IOCs 11