{
  "name": "Matrix Unleashes A New Widespread DDoS Campaign",
  "slug": "matrix-unleashes-a-new-widespread-ddos-campaign",
  "description": "A new widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix has been uncovered. The operation combines public scripts, brute-force attacks, and exploitation of weak credentials to create a botnet capable of global disruption. Matrix targets vulnerabilities and misconfigurations across internet-connected devices, particularly IoT and enterprise systems. The campaign demonstrates how accessible tools and minimal technical knowledge can enable large-scale cyberattacks. Although the campaign shows Russian affiliation, the absence of Ukrainian targets suggests a focus on financial gain rather than political motives. The threat actor is actively targeting both development and production servers, marking an evolution in DDoS activities.",
  "published": "2024-11-27T17:19:27+00:00",
  "created_at": "2024-11-27T17:19:27+00:00",
  "modified_at": "2024-11-27T17:32:40+00:00",
  "created_at_opencti": "2024-11-27T17:19:27+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-11-27",
    "CVE-2014-8361",
    "CVE-2017-17106",
    "CVE-2017-17215",
    "CVE-2017-18368",
    "CVE-2018-10561",
    "CVE-2018-10562",
    "CVE-2018-9995",
    "CVE-2022-30075",
    "CVE-2022-30525",
    "CVE-2024-27348",
    "botnet",
    "brute-force",
    "cryptocurrency",
    "ddos",
    "discord",
    "discordgo",
    "iot",
    "mirai",
    "pybot",
    "script kiddie",
    "telegram",
    "vulnerability exploitation"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "78.138.130.114"
      },
      {
        "id": "",
        "name": "5.42.78.100"
      },
      {
        "id": "",
        "name": "217.18.63.132"
      },
      {
        "id": "",
        "name": "5.181.159.78"
      },
      {
        "id": "",
        "name": "85.192.37.173"
      },
      {
        "id": "",
        "name": "sponsored-ate.gl.at.ply.gg"
      },
      {
        "id": "",
        "name": "fa1b9e78b59cdb26d98da8b00fe701697a55ae9ea3bd11b00695cfbba2b67a7a"
      },
      {
        "id": "",
        "name": "aee08f24f2e0be5af8b9a7947e845e8364be2f8b5ff874fbc3e7a4c81ecdad83"
      },
      {
        "id": "",
        "name": "8dfe94a1b02d1330886ad4458b32db3da4b872f9c2116657840de499fee5438a"
      },
      {
        "id": "",
        "name": "424058facc8f16fd578190a612bc3f9178f5e393d345c2330c39436abb4d1142"
      },
      {
        "id": "",
        "name": "2e7682abe30d93afb3bd9dee0011c450c1d72d727151344b8b7360441571e007"
      },
      {
        "id": "",
        "name": "0ee827d23752c2afc1b07e5312986703f63e05b8c4f1902f5db07bb494e4d057"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:0c61f7e03be0d784",
        "name": "DiscordGo",
        "slug": "discordgo"
      },
      {
        "id": "legacy:malware:7dfceb8720c85a97",
        "name": "PYbot",
        "slug": "pybot"
      },
      {
        "id": "5fdcf97f-0489-477b-a5df-c662e5fc5579",
        "name": "Mirai",
        "slug": "mirai"
      }
    ],
    "intrusion_sets": [
      {
        "id": "8e8aa04c-68ab-4c6e-887c-12634c587de8",
        "name": "Matrix",
        "slug": "matrix"
      }
    ],
    "attack_patterns": [
      {
        "id": "b4b010dc-35b2-4bf8-8d85-977e19772d10",
        "name": "T1563.001"
      },
      {
        "id": "7671fe3e-6a85-463e-928d-16117d2f4f9b",
        "name": "T1059.006"
      },
      {
        "id": "d5c953ff-b143-41b6-bf2d-87b829132ea5",
        "name": "T1135"
      },
      {
        "id": "444de5e0-bd7f-4700-b700-26320057dd80",
        "name": "T1110"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "96df92ce-da3e-4c6d-8250-cb250c9ed619",
        "name": "T1554"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      },
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "6d618903-d9f6-4747-aec2-7630f43c1908",
        "name": "T1496"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "820fbdf8-7db2-4292-9a60-7eed3567be8d",
        "name": "T1210"
      },
      {
        "id": "53c193a7-f726-4bd2-ae88-4019e2604adf",
        "name": "T1046"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd",
        "name": "T1498"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2022-30075"
      },
      {
        "id": "",
        "name": "CVE-2018-9995"
      },
      {
        "id": "",
        "name": "CVE-2017-17106"
      },
      {
        "id": "",
        "name": "CVE-2018-10562"
      },
      {
        "id": "",
        "name": "CVE-2024-27348"
      },
      {
        "id": "",
        "name": "CVE-2021-20090"
      },
      {
        "id": "",
        "name": "CVE-2017-18368"
      },
      {
        "id": "",
        "name": "CVE-2018-10561"
      },
      {
        "id": "",
        "name": "CVE-2014-8361"
      },
      {
        "id": "",
        "name": "CVE-2022-30525"
      },
      {
        "id": "",
        "name": "CVE-2017-17215"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "China"
      },
      {
        "id": "",
        "name": "Japan"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Telecommunications"
      }
    ]
  },
  "external_refs": [
    "https://www.aquasec.com/blog/matrix-unleashes-a-new-widespread-ddos-campaign/",
    "https://otx.alienvault.com/pulse/674762afca244f0ae68fb484"
  ]
}