XorDDoS

First seen: 2014 • Status: active

Currently Active Threat

XorDDoS is a Linux trojan that brute-forces SSH passwords on exposed servers to build a botnet of attack machines.

Overview

XorDDoS is a Linux trojan that builds botnets for DDoS attacks. It spreads via SSH brute force and uses XOR encryption for C2 communications.

Also Known As

XOR.DDoS, XOR DDoS

How It Spreads

  • SSH brute force
  • Weak credentials
  • Container vulnerabilities

What It Does

  • DDoS attacks
  • Botnet operations
  • XOR-encrypted C2
  • Rootkit capabilities

Is your business exposed?

Target Platforms

Linux

Detection Tips

  • Monitor for SSH brute force attempts
  • Check for XorDDoS process patterns
  • Analyze unusual outbound traffic
  • Review rootkit indicators

MITRE ATT&CK Techniques

T1110, T1498, T1014, T1071

If You're Infected

  1. Isolate infected Linux systems
  2. Remove XorDDoS and rootkit components
  3. Reset SSH credentials
  4. Implement SSH key authentication

Related Malware

Mirai, Tsunami, Gafgyt
