Botnet

Outlaw

First seen: 2018 • Status: active

Currently Active Threat

Outlaw is a criminal group's botnet that breaks into Linux servers to mine cryptocurrency.

Overview

Outlaw is a Linux botnet operated by a hacking group of the same name. It spreads via SSH brute force and deploys cryptocurrency miners.

Also Known As

Dota Botnet, Outlaw Miner

How It Spreads

  • SSH brute force
  • Shellshock exploitation
  • Known vulnerabilities

What It Does

  • Cryptocurrency mining
  • IRC botnet
  • DDoS capabilities
  • Worm propagation

Target Platforms

Linux

Detection Tips

  • Monitor for SSH brute force
  • Check for mining processes
  • Analyze IRC C2 traffic
  • Review cron job additions

MITRE ATT&CK Techniques

T1110 (Brute Force), T1496 (Resource Hijacking), T1498 (Network Denial of Service), T1570 (Lateral Tool Transfer)

If You're Infected

  1. Remove Outlaw components
  2. Reset SSH credentials
  3. Implement SSH security
  4. Patch known vulnerabilities

Related Malware

Xorddos, Tsunami, Kinsing
