techminis

A naukri.com initiative

Securelist
3w read

Image Credit: Securelist

Outlaw cybergang attacking targets worldwide

  • Outlaw (also known as “Dota”) is a Perl-based crypto mining botnet that targets Linux environments by exploiting weak or default SSH credentials.
  • The threat actor behind Outlaw uses tactics like downloading first-stage scripts, monitoring processes, and maintaining persistence on infected machines.
  • The malware used by Outlaw includes an IRC-based botnet client acting as a backdoor, supporting malicious activities like DDoS attacks, file operations, and command execution.
  • Outlaw gang's activities have been identified in countries like the United States, Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil.
  • Recommendations to protect against Outlaw include hardening SSH servers with key-based authentication, custom configurations, and additional security parameters.
  • Outlaw's techniques include obfuscation, malicious XMRig miners, customized malware, and a diverse range of malicious activities.
  • Security practitioners can adopt measures like limiting SSH access, using tools like Fail2Ban, and monitoring for suspicious processes to mitigate the Outlaw threat effectively.
  • The Outlaw gang employs various tactics, techniques, and procedures (TTPs) categorized under execution, persistence, defense evasion, credential access, discovery, lateral movement, collection, command and control, exfiltration, and impact.
  • Indicators of Compromise (IoCs) related to Outlaw include cryptographic hashes, specific file names, IP addresses, Monero wallet information, and more.
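The SSH hardening recommended above (key-based authentication, restricted access) is the control that removes Outlaw's entry point, since the botnet spreads by guessing weak or default SSH credentials. As an added example that is not part of the Securelist report or this summary, the script below audits an `sshd_config` against a small policy of that kind; the policy values and the OpenSSH defaults it assumes for absent keywords are assumptions of this example, and the two sample configurations are constructed.

```python
# Added example: audit sshd_config for settings that leave password guessing open.
# Assumed OpenSSH defaults apply when a keyword is absent; policy values are illustrative.
from typing import Dict, List

# (keyword, accepted values, assumed OpenSSH default when the keyword is absent)
CHECKS = [
    ("passwordauthentication", {"no"}, "yes"),
    ("permitrootlogin", {"no", "prohibit-password"}, "prohibit-password"),
    ("permitemptypasswords", {"no"}, "no"),
    ("pubkeyauthentication", {"yes"}, "yes"),
    ("kbdinteractiveauthentication", {"no"}, "yes"),
]
MAX_AUTH_TRIES = 3  # policy limit assumed for this example (sshd default is 6)


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Global keyword -> value (lower-cased). First occurrence wins, as in sshd;
    everything from the first Match block on is conditional and is not evaluated."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key Value" or "Key=Value"
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2:
            settings.setdefault(key, parts[1].strip().lower())
    return settings


def audit_sshd_config(text: str) -> List[str]:
    """Return findings (one string each); an empty list means the policy is met."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []
    for key, accepted, default in CHECKS:
        value = cfg.get(key, default)                 # absent keyword -> assumed default
        if value not in accepted:
            findings.append(f"{key}={value} (want one of {sorted(accepted)})")
    tries = int(cfg.get("maxauthtries", "6"))
    if tries > MAX_AUTH_TRIES:
        findings.append(f"maxauthtries={tries} (want <= {MAX_AUTH_TRIES})")
    return findings


# Constructed sample configs: a weak one and a hardened one.
WEAK = "PermitRootLogin yes\n# PasswordAuthentication left at its default\n"
HARDENED = ("PermitRootLogin no\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nMaxAuthTries 3\n"
            "Match User deploy\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sshd_config(cfg) or "OK")
```

Pair this with a log-based tool such as Fail2Ban: the audit catches the configuration gap, and the ban policy limits guessing attempts that still reach the daemon.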
