The differences between the two versions of the page follow.
| racfor_wiki:seminari2024:projekt_ddosia [2025/01/23 12:51] Orsag Mihael [Early versions] | racfor_wiki:seminari2024:projekt_ddosia [2025/01/27 06:36] (trenutno) Orsag Mihael [Project DDoSia] | ||
|---|---|---|---|
| Redak 1: | Redak 1: | ||
| - | ==== Project DDoSia ==== | + | ====== Project DDoSia | 
| - | ==== Abstract ==== | + | [[https:// | 
| + | ===== Abstract | ||
| Project DDoSia is a bot software created by a pro-Russian group, NoName057(16). | Project DDoSia is a bot software created by a pro-Russian group, NoName057(16). | ||
| Redak 13: | Redak 14: | ||
| Keywords: DDoS, Cybersecurity, | Keywords: DDoS, Cybersecurity, | ||
| - | ==== Introduction ==== | + | ===== Introduction | 
| One of the most powerful and impactful cyberattacks to date is distributed | One of the most powerful and impactful cyberattacks to date is distributed | ||
| Redak 32: | Redak 33: | ||
| malicious actors to do this job instead, for a certain amount of money. Project | malicious actors to do this job instead, for a certain amount of money. Project | ||
| DDoSia is a bot software that takes an interesting, | DDoSia is a bot software that takes an interesting, | ||
| - | expanding its botnet by making the joining to the botnet entirely voluntary. | + | expanding its botnet by making the joining to the botnet entirely voluntary. | 
| - | ==== Early versions ==== | + | {{: | 
| + | |||
| + | Figure 1: Network structure of a botnet [6] | ||
| + | |||
| + | ===== Early versions | ||
| Project DDoSia has been " | Project DDoSia has been " | ||
| Redak 43: | Redak 48: | ||
| had around a thousand bots in its botnet.[2] | had around a thousand bots in its botnet.[2] | ||
| - | === Recruitment === | + | ==== Recruitment | 
| Project DDoSia is distributed by the social media platform " | Project DDoSia is distributed by the social media platform " | ||
| Redak 54: | Redak 59: | ||
| macOS and Windows. | macOS and Windows. | ||
| - | {{https:// | + | {{:racfor_wiki: | 
| - | |Messages in the Project DDoSia Telegram group regarding rewards}} | + | |
| - | Figure | + | Figure | 
| == Linux and macOS == | == Linux and macOS == | ||
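Review bot: the `== Linux and macOS ==` heading at the end of this hunk stays at its old level while its parent, Recruitment, was promoted from `===` to `====` in the previous hunk, so the outline now jumps from `====` straight to `==`. Promote this subheading, and any sibling at the same level, to `===` so the hierarchy stays contiguous.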
| Redak 70: | Redak 74: | ||
| - | === Client capabilities & communication === | + | ==== Client capabilities & communication | 
| When executed, the Python script starts the client which starts talking to the | When executed, the Python script starts the client which starts talking to the | ||
| Redak 93: | Redak 97: | ||
| respectively. | respectively. | ||
| - | === Botnet capabilities & targets === | + | ==== Botnet capabilities & targets | 
| It is estimated that the botnet could produce around 900,000 requests per | It is estimated that the botnet could produce around 900,000 requests per | ||
| Redak 118: | Redak 122: | ||
| that the target ceased to provide its services.[1] | that the target ceased to provide its services.[1] | ||
| - | ==== Further development ==== | + | ===== Further development | 
| In late 2022 a new version of the bot software was detected, this time written | In late 2022 a new version of the bot software was detected, this time written | ||
| Redak 128: | Redak 132: | ||
| server, authentication is required. | server, authentication is required. | ||
| - | {{https:// | + | {{:racfor_wiki: | 
| - | Figure | + | Figure | 
| Additionally, | Additionally, | ||
| Redak 137: | Redak 141: | ||
| better protect it by keeping its IP address secret. | better protect it by keeping its IP address secret. | ||
| - | {{https:// | + | {{:racfor_wiki: | 
| |C&C server architecture of the newer version of Project DDoSia botnet.[2]}} | |C&C server architecture of the newer version of Project DDoSia botnet.[2]}} | ||
| - | Figure | + | Figure | 
| In April 2023 the number of users in the Project DDoSia telegram group rose to | In April 2023 the number of users in the Project DDoSia telegram group rose to | ||
| Redak 148: | Redak 152: | ||
| [2] | [2] | ||
| - | === Targets === | + | ==== Targets | 
| With its growing capabilities and resources, the Project DDoSia botnet has | With its growing capabilities and resources, the Project DDoSia botnet has | ||
| expanded the list of targets, adding and heavily targeting Finland and Italy | expanded the list of targets, adding and heavily targeting Finland and Italy | ||
| - | along Ukraine. The most prevalent targets are govorment | + | along Ukraine. The most prevalent targets are government | 
| by banking and transportation organizations. | by banking and transportation organizations. | ||
| - | {{https:// | + | {{:racfor_wiki: | 
| |A map of targeted countries by the Project DDoSia botnet in 2024.[5]}} | |A map of targeted countries by the Project DDoSia botnet in 2024.[5]}} | ||
| - | Figure | + | Figure | 
| - | ==== Conclusion ==== | + | ===== Conclusion | 
| Project DDoSia is a new approach to creating malicious botnets. With the | Project DDoSia is a new approach to creating malicious botnets. With the | ||
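Review bot: in the Targets paragraph, the spelling fix to "government" leaves "along Ukraine" on the same line unchanged; it should read "alongside Ukraine". Since the line is already being edited, correct it in this revision.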
| Redak 175: | Redak 179: | ||
| ==== Literature ==== | ==== Literature ==== | ||
| - | [1] [[https:// | + | [1] [[https:// | 
| + | |||
| + | [2] [[https:// | ||
| - | [2] [[https://decoded.avast.io/martinchlumecky/ | + | [3] [[https://socradar.io/what-is-ddosia-project/ |SOCRadar: " | 
| - | [3] [[https://socradar.io/what-is-ddosia-project/ |SOCRadar, What is DDoSia Project?]]. Accessed: 17.1.2025. | + | [4] [[https://blog.sekoia.io/following-noname05716-ddosia-projects-targets/ |Amaury G., Charles M. and Sekoia TDR: " | 
| - | [4] [[https:// | + | [5] [[https:// | 
| - | [5] [[https:// | + | [6] Mahmoud, Muhammad, Manjinder Nir, and Ashraf Matrawy. "A survey on botnet architectures, detection |
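Review bot: the `==== Literature ====` heading is identical on both sides while Conclusion and the other top-level sections move to `=====`, so Literature now nests under Conclusion as a subsection. Promote it to `===== Literature =====`. The new entry [6] is also the only reference added as plain text rather than as a `[[https://...]]` link like [1] to [5]; add a link or DOI if one is available.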