Outlaw Cybergang Attacking Targets Worldwide

    Date: 05/06/2025

    Severity: Medium

    Summary

    Outlaw, also known as "Dota," is a Perl-based crypto-mining botnet targeting Linux systems by exploiting weak or default SSH credentials. While previously observed in honeypots, a recent real-world incident in Brazil highlights its continued effectiveness. Public telemetry data shows that Outlaw targets multiple countries and regions, and the report includes TTPs and defensive best practices for protecting against this threat.

    Indicators of Compromise (IOC) List

    IP Address

    45.9.148.99

    Hash (SHA-1)

    15f7c9af535f4390b14ba03ddb990c732212dde8

    982c0318414c3fdf82e3726c4ef4e9021751bbd9

    f2b4bc2244ea8596a2a2a041308aa75088b6bbd5

    4d5838c760238b77d792c99e64bd962e73e28435

    d0ba24f9fad04720dff79f146769d0d8120bf2ff

    Wallet

    483fmPjXwX75xmkaJ3dm4vVGWZLHn3GDuKycHypVLr9SgiT6oaZgVh26iZRpwKEkTZCAmUS8tykuwUorM3zGtWxPBFqwuxS

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    dstipaddress IN ("45.9.148.99") or srcipaddress IN ("45.9.148.99")

    Detection Query 2

    hash IN ("f2b4bc2244ea8596a2a2a041308aa75088b6bbd5","4d5838c760238b77d792c99e64bd962e73e28435","15f7c9af535f4390b14ba03ddb990c732212dde8","982c0318414c3fdf82e3726c4ef4e9021751bbd9","d0ba24f9fad04720dff79f146769d0d8120bf2ff")
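    The two queries above express the detection in TDIR syntax. The following is an added example, not from the original advisory or from Gurucul, that applies the same matching offline in Python to constructed sshd log lines and sha1sum-style output, and adds a per-source failed-login count because the summary notes that Outlaw gains access by guessing weak SSH credentials. The log lines, inventory paths and the failed-login threshold are assumptions; only the IP and hashes come from the IOC list.

```python
# Offline re-implementation of the two TDIR queries above over raw data:
# query 1 over sshd log lines (listed IP in either direction), query 2
# over sha1sum-style inventory lines, plus a per-source failed-login
# count. All input below is constructed sample data, not real telemetry.
import re
from collections import Counter

IOC_IPS = {"45.9.148.99"}
IOC_SHA1 = {
    "15f7c9af535f4390b14ba03ddb990c732212dde8",
    "982c0318414c3fdf82e3726c4ef4e9021751bbd9",
    "f2b4bc2244ea8596a2a2a041308aa75088b6bbd5",
    "4d5838c760238b77d792c99e64bd962e73e28435",
    "d0ba24f9fad04720dff79f146769d0d8120bf2ff",
}
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")
SHA1_LINE = re.compile(r"^([0-9a-fA-F]{40})\s+\*?(.+)$")

SAMPLE_AUTH_LOG = """\
May  6 10:01:12 host sshd[2101]: Failed password for root from 45.9.148.99 port 51022 ssh2
May  6 10:01:15 host sshd[2101]: Failed password for root from 45.9.148.99 port 51022 ssh2
May  6 10:01:19 host sshd[2101]: Failed password for invalid user admin from 45.9.148.99 port 51022 ssh2
May  6 10:02:40 host sshd[2140]: Accepted password for deploy from 10.0.0.7 port 40112 ssh2
May  6 10:03:01 host sshd[2155]: Failed password for ubuntu from 198.51.100.23 port 33002 ssh2
"""
SAMPLE_INVENTORY = """\
da39a3ee5e6b4b0d3255bfef95601890afd80709  /home/sample/empty
982c0318414c3fdf82e3726c4ef4e9021751bbd9  /home/sample/suspect.bin
"""

def match_ip_records(log_text):
    """Query 1: log lines that mention a listed address."""
    return [l for l in log_text.splitlines()
            if any(ip in IOC_IPS for ip in IPV4.findall(l))]

def match_hash_inventory(inventory_text):
    """Query 2: {path: sha1} for inventory lines whose hash is listed."""
    hits = {}
    for line in inventory_text.splitlines():
        m = SHA1_LINE.match(line.strip())
        if m and m.group(1).lower() in IOC_SHA1:
            hits[m.group(2)] = m.group(1).lower()
    return hits

def ssh_bruteforce_sources(log_text, threshold=3):
    """Sources with at least `threshold` failed SSH logins (assumed cutoff)."""
    counts = Counter(m.group(1) for l in log_text.splitlines()
                     if (m := FAILED.search(l)))
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Feed real `/var/log/auth.log` text and `sha1sum -r` output into the same functions to sweep a host; the threshold is a tuning knob, not a fixed rule.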

    Reference: https://securelist.com/outlaw-botnet/116444/


    Tags: Malware, Threat Actor, Botnet, Outlaw, Dota, crypto-mining
