XorDdos

Malware updated 6 months ago (2024-05-04T21:19:11.672Z)
XorDdos is malicious software (malware) that was discovered by Microsoft in 2014 and has been widely used in attacks against cloud and Internet of Things (IoT) deployments. The Trojan targets Linux devices, causing disruptions and potentially stealing sensitive information. It has seen a significant surge in use and has been documented as a stealthy distributed denial-of-service (DDoS) malware.

Researchers have found considerable overlap between XorDdos and another Linux malware called Krasue, particularly in the rootkit portions of both. The similarities suggest that Krasue was likely created by the same author as XorDdos, or at least by someone who had access to the XorDdos source code. This connection points to a possible shared author or operator, indicating a broader network of malware threats exploiting similar vulnerabilities. In addition, a separate Linux Remote Access Trojan (RAT), likely tied to the creators of XorDdos, was observed to have been operating undetected for nearly two years, targeting organizations in Thailand and maintaining malicious access to infected systems. This discovery further underscores the stealth and persistence of these threats. In conclusion, the link between XorDdos and other malware such as Krasue highlights the need for continuous vigilance and advanced security measures to protect against evolving cyber threats.
Description last updated: 2024-05-04T20:47:10.462Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Krasue
Description: Krasue is a possible alias for XorDdos. Krasue is a newly discovered malware that specifically targets Linux systems. Identified by cybersecurity researchers at Group-IB, this malicious software has been found to be primarily focused on telecom companies in Thailand. As with most malware, Krasue enters systems without the user's knowledge
Votes: 4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Linux
Malware
Rootkit
RAT