360 Qihoo researchers observed a series of DDoS attacks launched by the Russia-affiliated APT-C-53 (aka Gamaredon) and reported that the threat actors also released the code of a DDoS Trojan called LOIC as open source. The copies of the malware discovered by the experts were collected in early March, a few days after the Russian invasion of Ukraine began.
“We found that multiple C2 servers distributed an open-source DDoS Trojan program LOIC compiled by .net from March 4th to 5th, 2022.” reads the analysis published by 360 Qihoo.
While monitoring the activities of the APT group, experts have observed that the threat actors are carrying out multiple attacks, including phishing emails, file remote template injection execution, S FX self-extracting program execution of malicious scripts, Wiper malware delivery, And registry write load schedule task execution and so on. The experts were able to locate the C2 infrastructures used by the national actors.
Also Read: PDF Campaign Delivering Snake Keylogger
During the monitoring process of this batch of C 2 servers, Qihoo research team found that multiple C2 servers distributed an open-source DDos Trojan program LOIC compiled by .net from March 4th to 5th, 2022.
Below is the list of C&C domain name addresses involved in the DDoS attack task delivery
DDoS program sample file information:
|File Size _ _||156.16K|
The malicious code distributed by the APT group includes hard-coded IP addresses and ports for the targets.“The distribution of the LOIC Trojan may be the prelude to a new round of DDoS attacks.” concludes the researchers that also shared Indicators of compromise for the attacks.