Outlaw cybergang attacking targets worldwide

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A recent incident response case in Brazil revealed a Perl-based crypto mining botnet called Outlaw, also known as Dota, targeting Linux environments. The threat actor exploits weak SSH credentials, downloads malicious scripts, and deploys an XMRig miner for Monero cryptocurrency. The botnet includes an IRC-based client that acts as a backdoor, allowing for various malicious activities. Victims have been identified mainly in the United States, with additional targets in Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil. The article provides detailed analysis of the malware's components, persistence mechanisms, and evasion techniques. Recommendations for system administrators include hardening SSH configurations and implementing additional security measures to mitigate the risk of compromise.

OPENCTI LABELS:

backdoor, linux, botnet, evasion, xmrig, persistence, irc, ssh, crypto mining, outlaw, dota


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Outlaw cybergang attacking targets worldwide