CatDDoS, a variant of the Mirai distributed denial-of-service (DDoS) botnet, is a potent malware threat that has been compromising more than 300 targets daily in its latest wave of attacks. The malware infects systems through suspicious downloads, emails, or websites and can disrupt operations, steal personal information, or hold data for ransom. CatDDoS actors exploit vulnerabilities across various products and technologies, including Apache ActiveMQ Servers, Apache Log4j, Cisco Linksys, Jenkins servers, and NetGear routers. The malware's source code was publicly released by its original authors in December after an unsuccessful attempt to sell it, leading to multiple gangs using CatDDoS variants.
After dropping out of sight in December, CatDDoS resurfaced with increased activity, leading researchers at China's QiAnXin XLab, who were tracking the threat, to suspect that the malware's operators had resumed their activities. New DDoS botnets such as hailBot, kiraiBot, and CatDDoS have emerged from the Mirai source code leaked in 2016, adding to the complexity of the threat landscape. Although CatDDoS was not built from scratch as a complete botnet Trojan, its controllers have prioritized concealing the Trojan, which makes detection and mitigation more challenging.
The impact of CatDDoS is significant, with up to 300k internet hosts at risk of devastating loop DDoS attacks. The malware has shown a diverse distribution of attack targets and a variety of attack methods. NSFOCUS, Inc., a global network and cyber security vendor, has published detailed insights into the go-live packet traffic and data packet structure of the CatDDoS family, as well as the key and nonce of the ChaCha20 algorithm the malware uses. This information is critical for understanding the operational behavior of CatDDoS and for developing effective countermeasures, since an analyst who holds the key and nonce can decode the captured traffic that the malware otherwise hides.
Description last updated: 2024-05-29T01:16:04.572Z