Outlaw cybergang attacking targets worldwide
A recent incident response case in Brazil revealed a Perl-based crypto-mining botnet called Outlaw, also known as Dota, targeting Linux environments. The threat actor exploits weak SSH credentials, downloads malicious scripts, and deploys an XMRig miner for the Monero cryptocurrency. The botnet includes an IRC-based client that acts as a backdoor, allowing for various malicious activities. Victims have been identified mainly in the United States, with additional targets in Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil. The article provides a detailed analysis of the malware's components, persistence mechanisms, and evasion techniques. Recommendations for system administrators include hardening SSH configurations and implementing additional security measures to mitigate the risk of compromise.
Pulse ID: 6810fdeb2114bc18d03810e3
Pulse Link: https://otx.alienvault.com/pulse/6810fdeb2114bc18d03810e3
Pulse Author: AlienVault
Created: 2025-04-29 16:27:23
Be advised, this data is unverified and should be considered preliminary. Always do further verification.