XOR DDoS is a Linux Trojan malware with rootkit capabilities that was used to launch large-scale DDoS attacks. Its name stems from the heavy usage of XOR encryption in both the malware and its network communication to the C&Cs. It is built for multiple Linux architectures like ARM, x86 and x64. Noteworthy about XOR DDoS is the ability to hide itself with an embedded rootkit component, which is obtained by multiple installation steps. It was discovered in September 2014 by MalwareMustDie, a white hat malware research group. From November 2014 it was involved in a massive brute force campaign that lasted for at least three months.

To gain access, it launches a brute force attack to discover the password to Secure Shell services on Linux. Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS. It is believed to be of Asian origin based on its targets, which tend to be located in Asia.

See also: Application layer DDoS attack, BASHLITE, Botnet, Dendroid (Malware), Denial-of-service attack, Rootkit, Zombie (computer science), ZeroAccess botnet.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.