Hosts Scanning for open DDoSia endpoints

Overview

DDoSia is a malicious software tool developed and distributed by the pro-Russia hacktivist group NoName057(16) to conduct DDoS attacks. Its purpose is to take the websites of institutions and companies in European countries offline in support of Russia’s war against Ukraine. The group openly communicates its activities and offers payments in cryptocurrencies to people who install its software in order to participate. It should be noted that many of these are likely security researchers; in the initial version of the DDoSia C2 framework, a token was not required to list the targets through a GET request to /client/get_targets.

Observables
