Dieses Dokuwiki verwendet ein von Anymorphic Webdesign erstelltes Thema.

Razlike

Slijede razlike između dviju inačica stranice.

Poveznica na ovu usporedbu

Starije izmjene na obje strane Starija izmjena
Novija izmjena 		Starija izmjena
racfor_wiki:seminari2024:projekt_ddosia [2025/01/23 08:19]
Orsag Mihael [Conclusion] 		racfor_wiki:seminari2024:projekt_ddosia [2025/01/27 06:36] (trenutno)
Orsag Mihael [Project DDoSia]
Redak 1: Redak 1:
-==== Project DDoSia ====+====== Project DDoSia ======
  
-==== Abstract ====+[[https://ferhr-my.sharepoint.com/:v:/g/personal/mo760600010_fer_hr/EYGanvcES4BKuytKDp2SOEEBqEPYYqB1yR50wTaHvARXBA?nav=eyJyZWZlcnJhbEluZm8iOnsicmVmZXJyYWxBcHAiOiJTdHJlYW1XZWJBcHAiLCJyZWZlcnJhbFZpZXciOiJTaGFyZURpYWxvZy1MaW5rIiwicmVmZXJyYWxBcHBQbGF0Zm9ybSI6IldlYiIsInJlZmVycmFsTW9kZSI6InZpZXcifX0%3D&e=J9dvBi|Video presentation]] 
 +===== Abstract =====
  
 Project DDoSia is a bot software created by a pro-Russian group, NoName057(16). Project DDoSia is a bot software created by a pro-Russian group, NoName057(16).
Redak 13: Redak 14:
 Keywords: DDoS, Cybersecurity, Bot, Botnet Keywords: DDoS, Cybersecurity, Bot, Botnet
  
-==== Introduction ====+===== Introduction =====
  
 One of the most powerful and impactful cyberattacks to date is distributed One of the most powerful and impactful cyberattacks to date is distributed
Redak 32: Redak 33:
 malicious actors to do this job instead, for a certain amount of money. Project malicious actors to do this job instead, for a certain amount of money. Project
 DDoSia is a bot software that takes an interesting, different approach to DDoSia is a bot software that takes an interesting, different approach to
-expanding its botnet by making the joining to the botnet entirely voluntary. +expanding its botnet by making the joining to the botnet entirely voluntary.
  
-==== Early versions ====+{{:racfor_wiki:seminari2024:botnet.png?400| Network structure of a botnet [6]}} 
 + 
 +Figure 1: Network structure of a botnet [6] 
 + 
 +===== Early versions =====
  
 Project DDoSia has been "officially" announced by a pro-Russian group Project DDoSia has been "officially" announced by a pro-Russian group
Redak 43: Redak 48:
 had around a thousand bots in its botnet.[2] had around a thousand bots in its botnet.[2]
  
-=== Recruitment ===+==== Recruitment ====
  
 Project DDoSia is distributed by the social media platform "Telegram". Project DDoSia is distributed by the social media platform "Telegram".
Redak 54: Redak 59:
 macOS and Windows. macOS and Windows.
  
-{{https://decoded.avast.io/wp-content/uploads/sites/2/2023/01/07.dosia-reward.png?685 +{{:racfor_wiki:seminari2024:reward-messages.png?685|Messages in the Project DDoSia Telegram group regarding rewards}}
-|Messages in the Project DDoSia Telegram group regarding rewards}}+
  
-Figure 1: Messages in the Project DDoSia Telegram channel regarding rewards [1]+Figure 2: Messages in the Project DDoSia Telegram channel regarding rewards [1]
  
 == Linux and macOS == == Linux and macOS ==
Redak 70: Redak 74:
  
  
-=== Client capabilities & communication ===+==== Client capabilities & communication ====
  
 When executed, the Python script starts the client which starts talking to the When executed, the Python script starts the client which starts talking to the
Redak 93: Redak 97:
 respectively. respectively.
  
-=== Botnet capabilities & targets ===+==== Botnet capabilities & targets ====
  
 It is estimated that the botnet could produce around 900,000 requests per It is estimated that the botnet could produce around 900,000 requests per
Redak 114: Redak 118:
 Table 1: Some of the targets of the Project DDoSia botnet [1] Table 1: Some of the targets of the Project DDoSia botnet [1]
  
-Although capable, Project DDoSia botnet did not acquire a pristine attack +Although capable, Project DDoSia botnet did not acquire a pristine attack
 record. In fact, only around 13% of all the attacks were successful, meaning record. In fact, only around 13% of all the attacks were successful, meaning
 that the target ceased to provide its services.[1] that the target ceased to provide its services.[1]
  
-==== Further development ====+===== Further development =====
  
 In late 2022 a new version of the bot software was detected, this time written In late 2022 a new version of the bot software was detected, this time written
Redak 128: Redak 132:
 server, authentication is required. server, authentication is required.
  
-{{https://decoded.avast.io/wp-content/uploads/sites/2/2023/04/C2-communication-workflow-1.png|Communication flow between a bot and the C&C server.[2]}}+{{:racfor_wiki:seminari2024:C2-communication-workflow.png?|Communication flow between a bot and the C&C server.[2]}}
  
-Figure 2: Communication flow between a bot and the C&C server [2]+Figure 3: Communication flow between a bot and the C&C server [2]
  
 Additionally, the .json file describing attack targets is now encrypted with Additionally, the .json file describing attack targets is now encrypted with
-symmetric key encryption, making it harder to. Regarding architectural changes,+symmetric key. Regarding architectural changes,
 at this point the C&C server is located behind two proxy servers, in order to at this point the C&C server is located behind two proxy servers, in order to
 better protect it by keeping its IP address secret. better protect it by keeping its IP address secret.
  
-{{https://decoded.avast.io/wp-content/uploads/sites/2/2023/04/C2-Architecture.png+{{:racfor_wiki:seminari2024:C2-Architecture.png?
 |C&C server architecture of the newer version of Project DDoSia botnet.[2]}} |C&C server architecture of the newer version of Project DDoSia botnet.[2]}}
  
-Figure 3: C&C server architecture of the newer version of Project DDoSia botnet [2]+Figure 4: C&C server architecture of the newer version of Project DDoSia botnet [2]
  
 In April 2023 the number of users in the Project DDoSia telegram group rose to In April 2023 the number of users in the Project DDoSia telegram group rose to
Redak 148: Redak 152:
 [2] [2]
  
-=== Targets ===+==== Targets ====
  
 With its growing capabilities and resources, the Project DDoSia botnet has With its growing capabilities and resources, the Project DDoSia botnet has
 expanded the list of targets, adding and heavily targeting Finland and Italy expanded the list of targets, adding and heavily targeting Finland and Italy
-along Ukraine. The most prevalent targets are govorment organizations, followed+along Ukraine. The most prevalent targets are government organizations, followed
 by banking and transportation organizations. by banking and transportation organizations.
  
-{{https://t7f4e9n3.delivery.rocketcdn.me/wp-content/uploads/2024/02/FLINT-2024-_-Top-countries-targeted-in-2024.png?685+{{:racfor_wiki:seminari2024:ddosia-map.png?685
 |A map of targeted countries by the Project DDoSia botnet in 2024.[5]}} |A map of targeted countries by the Project DDoSia botnet in 2024.[5]}}
  
-Figure 4: A map of targeted countries by the Project DDoSia botnet in 2024 [5] +Figure 5: A map of targeted countries by the Project DDoSia botnet in 2024 [5] 
-==== Conclusion ====+===== Conclusion =====
  
 Project DDoSia is a new approach to creating malicious botnets. With the Project DDoSia is a new approach to creating malicious botnets. With the
Redak 175: Redak 179:
 ==== Literature ==== ==== Literature ====
  
-[1] [[https://decoded.avast.io/martinchlumecky/ddosia-project/ |Martin Chlumecký,DDosia Project: Volunteers Carrying out NoName(057)16’s DirtyWork]]. Accessed: 17.1.2025.+[1] [[https://decoded.avast.io/martinchlumecky/ddosia-project/ |Martin Chlumecký: "DDosia Project: Volunteers Carrying out NoName(057)16’s DirtyWork"]]. Accessed: 17.1.2025. 
 + 
 +[2] [[https://decoded.avast.io/martinchlumecky/ddosia-project-how-noname05716-is-trying-to-improve-the-efficiency-of-ddos-attacks/ |Martin Chlumecký: "DDosia Project: How NoName057(16) is trying to improve the efficiency of DDoS attacks"]]. Accessed: 17.1.2025.
  
-[2] [[https://decoded.avast.io/martinchlumecky/ddosia-project-how-noname05716-is-trying-to-improve-the-efficiency-of-ddos-attacks/ |Martin Chlumecký, DDosia ProjectHow NoName057(16) is trying to improve the efficiency of DDoS attacks]]. Accessed: 17.1.2025.+[3] [[https://socradar.io/what-is-ddosia-project/ |SOCRadar"What is DDoSia Project?"]]. Accessed: 17.1.2025.
  
-[3] [[https://socradar.io/what-is-ddosia-project/ |SOCRadarWhat is DDoSia Project?]]. Accessed: 17.1.2025.+[4] [[https://blog.sekoia.io/following-noname05716-ddosia-projects-targets/ |Amaury G.Charles M. and Sekoia TDR: "Following NoName057(16) DDoSia Project’s Targets"]]. Accessed: 17.1.2025.
  
-[4] [[https://blog.sekoia.io/following-noname05716-ddosia-projects-targets/ |Amaury G., Charles M. and Sekoia TDR, Following NoName057(16) DDoSia Project’s Targets]]. Accessed: 17.1.2025.+[5] [[https://blog.sekoia.io/Noname05716-Ddosia-project-2024-updates-and-behavioural-shifts/ |Sekoia TDR, Amaury G. and Maxime A.: "NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts"]]. Accessed: 17.1.2025.
  
-[5[[https://blog.sekoia.io/Noname05716-Ddosia-project-2024-updates-and-behavioural-shifts/ |Sekoia TDR, Amaury Gand Maxime A.NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts]]Accessed: 17.1.2025.+[6Mahmoud, Muhammad, Manjinder Nir, and Ashraf Matrawy"survey on botnet architecturesdetection and defences." Int. J. Netw. Secur. 17.3 (2015): 264-281.
  
racfor_wiki/seminari2024/projekt_ddosia.1737620355.txt.gz · Zadnja izmjena: 2025/01/23 08:19 od Orsag Mihael
Dieses Dokuwiki verwendet ein von Anymorphic Webdesign erstelltes Thema.
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0