Open
Labels
missing:tag:Non-persistentStorage
missing:tag:RedirectionToNull
missing:tag:T1005
missing:tag:T1021.002
missing:tag:T1027.002
missing:tag:T1037
missing:tag:T1037.004
missing:tag:T1046
missing:tag:T1048
missing:tag:T1053.003
missing:tag:T1057
missing:tag:T1069
missing:tag:T1070.002
missing:tag:T1070.003
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1083
missing:tag:T1491
missing:tag:T1518
missing:tag:T1546.004
missing:tag:T1548.003
missing:tag:T1552.003
missing:tag:T1567
missing:tag:T1573
missing:tag:T1590
Description
Area
Malware reports
Parent threat
Initial Access, Credential Access, Impact
Finding
Industry reference
attack:T1078:Valid Accounts
attack:T1100:Brute Force
attack:T1498:Network Denial of Service
attack:T1053.003:Cron
attack:T1105:Ingress Tool Transfer
attack:T1027:Obfuscated Files or Information
attack:T1014:Rootkit
attack:T1082:System Information Discovery
attack:T1003.007:Proc Filesystem
attack:T1562.001:Disable or Modify Tools
attack:T1037.004:RC Scripts
attack:T1070.004:File Deletion
attack:T1036.005:Match Legitimate Name or Location
uses:Non-persistentStorage
uses:ioctl
uses:PortHiding
#129
uses:ProcessTreeSpoofing
Malware reference
XorDDoS
Rooty
Actor reference
No response
Component
Linux
Scenario
No response