Tag: ddos

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11

This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…

Downloadable IOCs 120

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to…

Downloadable IOCs 169

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …

Downloadable IOCs 198

According to the report, cyber operations related to the ongoing military conflict between Russia and Ukraine are ongoing. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…

Downloadable IOCs 26

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…

Downloadable IOCs 13

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…

Downloadable IOCs 176

In April 2024, FortiGuard Labs observed a new botnet exploiting a nearly decade-old D-Link vulnerability to take control of devices and incorporate them into a botnet used to launch attacks. The malware, named Goldoon, establishes persistence and connects to a C2 server to receive commands, includi…

Downloadable IOCs 24

This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with the malware, as well as indicators of compromise (IOCs) such as IP addresses, domains, and email addresses. The analysi…

Downloadable IOCs 11