Reconnecting to live updates…
OSINT - Gorilla DDoS
Severity: lowType: unknown
OSINT - Gorilla DDoS
AI Analysis
Technical Summary
The provided information references a threat labeled "OSINT - Gorilla DDoS," categorized primarily as an OSINT (Open Source Intelligence) observation related to denial of service (DoS) attack patterns. The threat is associated with multiple MITRE ATT&CK techniques: network denial of service (T1464), and endpoint denial of service (T1499 and T1642). These techniques describe attacks aimed at overwhelming network resources or endpoint systems to disrupt availability. However, the data lacks specific technical details about the Gorilla DDoS attack vector, such as the attack methodology, exploited vulnerabilities, or targeted platforms. The severity is marked as low with a certainty of 50%, indicating moderate confidence but limited concrete evidence. No affected versions or products are specified, and there are no known exploits in the wild or available patches. The threat appears to be an OSINT observation rather than a confirmed active threat campaign. The mention of network and endpoint denial of service suggests that the Gorilla DDoS could be a distributed denial of service attack leveraging multiple vectors to degrade or deny service to targeted systems or networks. The absence of detailed indicators or technical specifics limits the ability to fully characterize the attack or its mechanisms. Overall, this represents a potential low-severity denial of service threat with limited current impact or exploitation evidence.
Potential Impact
For European organizations, the primary impact of a denial of service threat like Gorilla DDoS would be disruption of network or endpoint availability. This could lead to temporary service outages, degraded performance, and potential operational interruptions. Critical infrastructure, financial institutions, healthcare providers, and public sector entities could be affected if targeted, resulting in service unavailability that impacts end users and business continuity. However, given the low severity and lack of known active exploitation, the immediate risk is limited. The threat could serve as an early warning to monitor for emerging DDoS campaigns or related network disruptions. If the threat evolves or is weaponized, it could increase in severity and impact, particularly for organizations with internet-facing services or insufficient DDoS mitigation capabilities. European organizations should consider the potential for increased network traffic anomalies and prepare incident response plans accordingly.
Mitigation Recommendations
1. Implement and regularly update network-level DDoS protection solutions such as traffic filtering, rate limiting, and anomaly detection to identify and mitigate unusual traffic patterns indicative of DDoS attacks. 2. Deploy endpoint protection and monitoring tools capable of detecting abnormal resource consumption or denial of service conditions at the host level. 3. Establish robust incident response procedures specifically for denial of service scenarios, including communication plans and escalation paths. 4. Collaborate with Internet Service Providers (ISPs) and utilize upstream filtering or scrubbing services to absorb or block malicious traffic before it reaches critical infrastructure. 5. Conduct regular network and endpoint resilience testing to ensure systems can handle traffic spikes and recover quickly from disruptions. 6. Monitor OSINT feeds and threat intelligence sources for updates on Gorilla DDoS or related campaigns to adapt defenses proactively. 7. Harden network infrastructure by disabling unnecessary services and closing unused ports to reduce attack surface. 8. Consider implementing redundancy and failover mechanisms to maintain service availability during attack conditions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Indicators of Compromise
- domain: gorillacnc.su
- domain: gorillabin.su
- domain: gorillaservices.su
- domain: gorillafirewall.su
- domain: gorillaproxy.su
- domain: gorilla-api.su
- file: 193.143.1.61
- hash: 80
- file: 193.143.1.70
- hash: 80
- file: 193.143.1.66
- hash: 7070
- file: 193.143.1.56
- hash: 7070
- file: 193.143.1.62
- hash: 7070
- file: 185.170.144.85
- hash: 7070
- file: 154.216.19.146
- hash: 7070
- file: 94.156.177.62
- hash: 7070
- file: 93.123.85.166
- hash: 38241
- file: 45.202.35.64
- hash: 38241
- file: 154.216.19.139
- hash: 38242
- file: 154.216.17.220
- hash: 38241
- file: 193.143.1.59
- hash: 38242
- file: 94.156.177.61
- hash: 38242
- file: 185.170.144.84
- hash: 38242
- url: http://154.216.17.182/arm6.nn
- text: /arm6.nn
- domain: 154.216.17.182
- text: 154.216.17.182
- domain: 154.216.17.182
- url: http://154.216.17.182/arm7.nn
- text: /arm7.nn
- domain: 154.216.17.182
- text: 154.216.17.182
- domain: 154.216.17.182
- url: http://154.216.17.182/lol
- text: /lol
- domain: 154.216.17.182
- text: 154.216.17.182
- domain: 154.216.17.182
- url: http://154.216.17.182/lol.sh
- text: /lol.sh
- domain: 154.216.17.182
- text: 154.216.17.182
- domain: 154.216.17.182
- url: http://154.216.17.182/x86_64.nn
- text: /x86_64.nn
- domain: 154.216.17.182
- text: 154.216.17.182
- domain: 154.216.17.182
- url: http://154.216.18.173/arm6.nn
- text: /arm6.nn
- domain: 154.216.18.173
- text: 154.216.18.173
- domain: 154.216.18.173
- url: http://154.216.18.173/lol
- text: /lol
- domain: 154.216.18.173
- text: 154.216.18.173
- domain: 154.216.18.173
- url: http://154.216.18.173/lol.sh
- text: /lol.sh
- domain: 154.216.18.173
- text: 154.216.18.173
- domain: 154.216.18.173
- url: http://154.216.18.173/x86_64.nn
- text: /x86_64.nn
- domain: 154.216.18.173
- text: 154.216.18.173
- domain: 154.216.18.173
- url: http://154.216.19.61/arm5.nn
- text: /arm5.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/arm6.nn
- text: /arm6.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/arm7.nn
- text: /arm7.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/arm.nn
- text: /arm.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/lol
- text: /lol
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/lol.sh
- text: /lol.sh
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/m68k.nn
- text: /m68k.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/mipsel.nn
- text: /mipsel.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/mips.nn
- text: /mips.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/powerpc.nn
- text: /powerpc.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/sh4.nn
- text: /sh4.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/sparc.nn
- text: /sparc.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/x86_32.nn
- text: /x86_32.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.19.61/x86_64.nn
- text: /x86_64.nn
- domain: 154.216.19.61
- text: 154.216.19.61
- domain: 154.216.19.61
- url: http://154.216.20.14/arm5.nn
- text: /arm5.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/arm6.nn
- text: /arm6.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/arm7.nn
- text: /arm7.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/arm.nn
- text: /arm.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/lol
- text: /lol
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/lol.sh
- text: /lol.sh
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/m68k.nn
- text: /m68k.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/mipsel.nn
- text: /mipsel.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/mips.nn
- text: /mips.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/powerpc.nn
- text: /powerpc.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/sh4.nn
- text: /sh4.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/sparc.nn
- text: /sparc.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/x86_32.nn
- text: /x86_32.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.14/x86_64.nn
- text: /x86_64.nn
- domain: 154.216.20.14
- text: 154.216.20.14
- domain: 154.216.20.14
- url: http://154.216.20.45/arm5.nn
- text: /arm5.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/arm6.nn
- text: /arm6.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/arm7.nn
- text: /arm7.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/arm.nn
- text: /arm.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/lol
- text: /lol
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/lol.sh
- text: /lol.sh
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/m68k.nn
- text: /m68k.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/mipsel.nn
- text: /mipsel.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/mips.nn
- text: /mips.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/powerpc.nn
- text: /powerpc.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/sh4.nn
- text: /sh4.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/sparc.nn
- text: /sparc.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/x86_32.nn
- text: /x86_32.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://154.216.20.45/x86_64.nn
- text: /x86_64.nn
- domain: 154.216.20.45
- text: 154.216.20.45
- domain: 154.216.20.45
- url: http://185.170.144.49/arm5.nn
- text: /arm5.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/arm6.nn
- text: /arm6.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/arm7.nn
- text: /arm7.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/arm.nn
- text: /arm.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/lol
- text: /lol
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/lol.sh
- text: /lol.sh
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/m68k.nn
- text: /m68k.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/mipsel.nn
- text: /mipsel.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/mips.nn
- text: /mips.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/powerpc.nn
- text: /powerpc.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/sh4.nn
- text: /sh4.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/sparc.nn
- text: /sparc.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/x86_32.nn
- text: /x86_32.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://185.170.144.49/x86_64.nn
- text: /x86_64.nn
- domain: 185.170.144.49
- text: 185.170.144.49
- domain: 185.170.144.49
- url: http://45.202.35.87/m68k.nn
- text: /m68k.nn
- domain: 45.202.35.87
- text: 45.202.35.87
- domain: 45.202.35.87
- url: http://45.202.35.87/mipsel.nn
- text: /mipsel.nn
- domain: 45.202.35.87
- text: 45.202.35.87
- domain: 45.202.35.87
- url: http://45.202.35.87/mips.nn
- text: /mips.nn
- domain: 45.202.35.87
- text: 45.202.35.87
- domain: 45.202.35.87
- url: http://45.202.35.87/powerpc.nn
- text: /powerpc.nn
- domain: 45.202.35.87
- text: 45.202.35.87
- domain: 45.202.35.87
- url: http://45.202.35.87/sparc.nn
- text: /sparc.nn
- domain: 45.202.35.87
- text: 45.202.35.87
- domain: 45.202.35.87
- url: http://45.202.35.87/x86_32.nn
- text: /x86_32.nn
- domain: 45.202.35.87
- text: 45.202.35.87
- domain: 45.202.35.87
- url: http://45.202.35.87/x86_64.nn
- text: /x86_64.nn
- domain: 45.202.35.87
- text: 45.202.35.87
- domain: 45.202.35.87
- url: http://45.66.231.26/lol
- text: /lol
- domain: 45.66.231.26
- text: 45.66.231.26
- domain: 45.66.231.26
- url: http://45.66.231.26/lol.sh
- text: /lol.sh
- domain: 45.66.231.26
- text: 45.66.231.26
- domain: 45.66.231.26
- url: http://45.66.231.26/m68k.nn
- text: /m68k.nn
- domain: 45.66.231.26
- text: 45.66.231.26
- domain: 45.66.231.26
- url: http://45.66.231.26/powerpc.nn
- text: /powerpc.nn
- domain: 45.66.231.26
- text: 45.66.231.26
- domain: 45.66.231.26
- url: http://45.66.231.26/sh4.nn
- text: /sh4.nn
- domain: 45.66.231.26
- text: 45.66.231.26
- domain: 45.66.231.26
- url: http://45.66.231.26/sparc.nn
- text: /sparc.nn
- domain: 45.66.231.26
- text: 45.66.231.26
- domain: 45.66.231.26
- url: http://45.88.88.41/arm5.nn
- text: /arm5.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.88.88.41/arm6.nn
- text: /arm6.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.88.88.41/arm7.nn
- text: /arm7.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.88.88.41/arm.nn
- text: /arm.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.88.88.41/mipsel.nn
- text: /mipsel.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.88.88.41/mips.nn
- text: /mips.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.88.88.41/x86_32.nn
- text: /x86_32.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.88.88.41/x86_64.nn
- text: /x86_64.nn
- domain: 45.88.88.41
- text: 45.88.88.41
- domain: 45.88.88.41
- url: http://45.89.247.112/arm5.nn
- text: /arm5.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/arm6.nn
- text: /arm6.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/arm7.nn
- text: /arm7.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/arm.nn
- text: /arm.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/lol
- text: /lol
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/lol.sh
- text: /lol.sh
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/m68k.nn
- text: /m68k.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/mipsel.nn
- text: /mipsel.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/mips.nn
- text: /mips.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/powerpc.nn
- text: /powerpc.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/sh4.nn
- text: /sh4.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/sparc.nn
- text: /sparc.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/x86_32.nn
- text: /x86_32.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://45.89.247.112/x86_64.nn
- text: /x86_64.nn
- domain: 45.89.247.112
- text: 45.89.247.112
- domain: 45.89.247.112
- url: http://46.8.69.32/arm5.nn
- text: /arm5.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/arm6.nn
- text: /arm6.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/arm7.nn
- text: /arm7.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/arm.nn
- text: /arm.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/lol
- text: /lol
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/lol.sh
- text: /lol.sh
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/mipsel.nn
- text: /mipsel.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/mips.nn
- text: /mips.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/x86_32.nn
- text: /x86_32.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://46.8.69.32/x86_64.nn
- text: /x86_64.nn
- domain: 46.8.69.32
- text: 46.8.69.32
- domain: 46.8.69.32
- url: http://91.194.55.151/arm5.nn
- text: /arm5.nn
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/arm6.nn
- text: /arm6.nn
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/arm7
- text: /arm7
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/arm7.nn
- text: /arm7.nn
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/arm.nn
- text: /arm.nn
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/mips
- text: /mips
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/mipsel
- text: /mipsel
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/x86_32.nn
- text: /x86_32.nn
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://91.194.55.151/x86_64.nn
- text: /x86_64.nn
- domain: 91.194.55.151
- text: 91.194.55.151
- domain: 91.194.55.151
- url: http://94.156.177.68/arm5.nn
- text: /arm5.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.177.68/arm6.nn
- text: /arm6.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.177.68/arm7.nn
- text: /arm7.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.177.68/arm.nn
- text: /arm.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.177.68/mipsel.nn
- text: /mipsel.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.177.68/mips.nn
- text: /mips.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.177.68/x86_32.nn
- text: /x86_32.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.177.68/x86_64.nn
- text: /x86_64.nn
- domain: 94.156.177.68
- text: 94.156.177.68
- domain: 94.156.177.68
- url: http://94.156.65.232/arm5.nn
- text: /arm5.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/arm6.nn
- text: /arm6.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/arm7.nn
- text: /arm7.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/arm.nn
- text: /arm.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/lol
- text: /lol
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/lol.sh
- text: /lol.sh
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/m68k.nn
- text: /m68k.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/mipsel.nn
- text: /mipsel.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/mips.nn
- text: /mips.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/powerpc.nn
- text: /powerpc.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/sh4.nn
- text: /sh4.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/sparc.nn
- text: /sparc.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/x86_32.nn
- text: /x86_32.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://94.156.65.232/x86_64.nn
- text: /x86_64.nn
- domain: 94.156.65.232
- text: 94.156.65.232
- domain: 94.156.65.232
- url: http://gorillabin.su/arm5.nn
- text: su
- text: /arm5.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/arm6.nn
- text: su
- text: /arm6.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/arm7.nn
- text: su
- text: /arm7.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/arm.nn
- text: su
- text: /arm.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/lol.sh
- text: su
- text: /lol.sh
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/mipsel.nn
- text: su
- text: /mipsel.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/mips.nn
- text: su
- text: /mips.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/x86_32.nn
- text: su
- text: /x86_32.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://gorillabin.su/x86_64.nn
- text: su
- text: /x86_64.nn
- domain: gorillabin.su
- text: gorillabin
- domain: gorillabin.su
- url: http://pen.gorillafirewall.su/lol.sh
- text: su
- text: pen
- text: /lol.sh
- domain: pen.gorillafirewall.su
- text: gorillafirewall
- domain: gorillafirewall.su
- url: http://pen.gorillafirewall.su/sh4.nn
- text: su
- text: pen
- text: /sh4.nn
- domain: pen.gorillafirewall.su
- text: gorillafirewall
- domain: gorillafirewall.su
- url: http://www.xn--girsdom-9ya.com/arm5.nn
- text: com
- text: www
- text: /arm5.nn
- domain: www.xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://www.xn--girsdom-9ya.com/arm6.nn
- text: com
- text: www
- text: /arm6.nn
- domain: www.xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://www.xn--girsdom-9ya.com/arm.nn
- text: com
- text: www
- text: /arm.nn
- domain: www.xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://www.xn--girsdom-9ya.com/mipsel.nn
- text: com
- text: www
- text: /mipsel.nn
- domain: www.xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://www.xn--girsdom-9ya.com/x86_64.nn
- text: com
- text: www
- text: /x86_64.nn
- domain: www.xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://xn--girsdom-9ya.com/arm5.nn
- text: com
- text: /arm5.nn
- domain: xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://xn--girsdom-9ya.com/arm6.nn
- text: com
- text: /arm6.nn
- domain: xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://xn--girsdom-9ya.com/arm.nn
- text: com
- text: /arm.nn
- domain: xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://xn--girsdom-9ya.com/mipsel.nn
- text: com
- text: /mipsel.nn
- domain: xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- url: http://xn--girsdom-9ya.com/x86_64.nn
- text: com
- text: /x86_64.nn
- domain: xn--girsdom-9ya.com
- text: xn--girsdom-9ya
- domain: xn--girsdom-9ya.com
- link: https://github.com/govcert-ch/CTI/blob/main/20241010_GorillaBot/20241010_NCSC-CH-GorillaBot.pdf
- text: Since September 2024, the National Cyber Security Centre of Switzerland (NCSC) is witnessing an increase in DDoS attacks against national critical infrastructure in Switzerland. According to our intelligence, these DDoS attacks are originating from a DDoS-as-a-service called ”Gorilla”. The attacks were mostly UDP based amplifi- cation attacks, apparently using open DNS resolvers. While the recent attacks have temporarily impacted the availability of certain services operated by the victim’s orga- nization, the security and confidentially of data or services have not been impacted nor ever been at risk. Under the name ”Gorilla Services”, an unknown threat actor is selling various services on Telegram, including DDoS-as-a-service where the cheapest plan starts at only a couple of dollars per day. While the service is already in business for quite some time, the amount of DDoS attacks conducted by Gorilla has increased recently. Gorilla of- fers a Mirai-like DDoS botnet for hire (”GorillaBot”) which contains out of compromised Linux/Unix devices. However, they also offer 10Gbit/s hosting with spoofed uplink, which commonly get used for DDoS attacks as well. As documented by NSFOCUS1, the number of attacks conducted by GorillaBot has increased rapidly to over 300’000 attacks in September 2024. With this, NSFOCUS considers the threat as ”The New King of DDoS Attacks”. The NCSC has mapped, together with the affected organizations in Switzerland, the attack infrastructure used by Gorilla and shared the corresponding cyber threat intel- ligence (CTI) not only with operators of national critical infrastructure in Switzerland but also with international partners. In addition, the NCSC has contacted Telegram, a company operating out of Dubai, and asked them to take actions against the offensive Telegram channel. This apparently resulted in the shut down of the reported Telegram channel. However, we observed that the threat actor has already set up a new Tele- gram channel and Singal as backup. With this technical report, we shed some light on the malware used by Gorilla and their DDoS operations.
- text: Technical Analysis of GorillaBot
- text: Report
- file: 20241010_NCSC-CH-GorillaBot.pdf
- file: a9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547
- size-in-bytes: 616
- float: 4.7352556208588
- hash: 3c21544cfb3979b9d823eac46998f86a
- hash: 5a529aea9f676840b070bddc1b92519f57203b71
- hash: a9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547
- hash: c58072fb79dbc1c71f16aed468a3e97f96aa17f2e1d9e3b6065defdc0d9cae73aaa1ca1389299e63de92f00ffe95e04ba766ab765fbee37167dbe156c9e0899e
- malware-sample: a9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547|3c21544cfb3979b9d823eac46998f86a
- mime-type: text/plain
- ssdeep: 12:PRGH9vPnccGsQP1qyAA5Sq7FeIKW1h+A1DFTFIbn:PsXnWsYdAA5bMIKW1hV1Zun
- text: .init
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 19
- float: 3.4058222502857
- hash: dac26d3f514daf8f091b4599cd062a71
- hash: 46720cd8faf68bf8ba8ef1fa46b39d012271153a
- hash: fca79d9e3088517e1b7a8228af27527ee8e0b7060a2f8164b7b750f917d313b1
- hash: 130a9d9811f1504565a918d662e3cb042a28be8d9542e413af07f8e71c603cd7301cb8c403055a17c8351b0b71b6e577209c0141528fd8c8ec473100610a48e0
- ssdeep: 3:4o/ns4U:fU4U
- text: .text
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 80550
- float: 6.2614147616808
- hash: 7cd2de3905e9ec35d981d1e2e8208137
- hash: 8860ecc3dd756954216d9d441a2ff9512bb6bec5
- hash: 3891ca18736558ebb156defd5290713f2684627a4c1d8c165d1de223cd289dcd
- hash: 094d8ee65c3b00f50c7eae9271efde491e7db5be35e0c901ff51ea3fe71693de91c0299e313c72fe711d9a84f89bfbb1fcc541b56797c7a815f03cf06f85d0f7
- ssdeep: 1536:5JOA3BJHQbOqxM21+4M280LWcmTmNGeccRJ6p2laHu12F+pHxvBVuK:SARJHp8M2Q4B80icmTKVJ02lD12F+Tvj
- text: .fini
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 14
- float: 3.3787834934862
- hash: f17d44750ffd57ca3bde2a8f74c66535
- hash: 7305114a96c27bafb749f788319a1215181811ae
- hash: 14ba7bb0bce448a41a06e438c09f58ad6d83d9adb37eebe36e0f277b0eeaa25a
- hash: 1f50960ba1afd50dbd13d4307f2e7192af8888efc57af8d6c34fd8fb318b9bdff58073272e35ac870e16f84cbab271ad6efd8e2174732c08f7db7d12ebb8d791
- ssdeep: 3:4mFtWU:RGU
- text: .rodata
- text: _lief
- text: _lief
- size-in-bytes: 15312
- float: 5.4563632549439
- hash: 9de308df2b62f41fe69d37de7597491d
- hash: 2c47bcae176985b3762eab5ce56014ec3f13bc84
- hash: dfcd6add0983cc5156197429278ff1e98f1ccb3f96ca6cf9da8cf5dcb00f4c91
- hash: 10b9c519a6b1efb0ec7ec17413b0376be92ac09cc726c6c1cd3cbf3e3d1c198c6aedf034492e12910d86c892d1b6f4e7481b16b9fc78196aa4af38724aaa5b03
- ssdeep: 384:WsDvgVuIGwhxHePdOnxxxxxxxxxxxxxxxOxuxxxxxxxZxxxsxxUexAjjjjjjjjjc:WszgApwhxHI0nxxxxxxxxxxxxxxxOxu+
- text: .ctors
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 16
- float: 1
- hash: f858d36231ba743ad8c898d86a67a864
- hash: f7fd9f0c0324c1723e1eaedd80f457bdf62aa9dc
- hash: 60c69a3e87bf5c4f1e546bec45f262690bcf5494c4ecac2616bf2f731afa152a
- hash: 2e68bf09036a490ce0e8d579ab0247a5cccf12f6ba44c3727ad22420e13e26c588a9fbf7b4dceeeced9d7148d9c29ef33ba6ca174596a65b1d297d0d7169bd6c
- ssdeep: 3:RRR//:LRX
- text: .dtors
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 16
- float: 1
- hash: f858d36231ba743ad8c898d86a67a864
- hash: f7fd9f0c0324c1723e1eaedd80f457bdf62aa9dc
- hash: 60c69a3e87bf5c4f1e546bec45f262690bcf5494c4ecac2616bf2f731afa152a
- hash: 2e68bf09036a490ce0e8d579ab0247a5cccf12f6ba44c3727ad22420e13e26c588a9fbf7b4dceeeced9d7148d9c29ef33ba6ca174596a65b1d297d0d7169bd6c
- ssdeep: 3:RRR//:LRX
- text: .data
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 2208
- float: 3.9962404616202
- hash: 4cd65de7456ca7c72970838ca38886f5
- hash: e2f39a924bf667891c060eff4b823d6d7b903732
- hash: d33fc4c4bdd437da6be127ee90b9ddb6d9d4788e7f8feff38f5bb89f1090df44
- hash: 6b3b757f16155d89adc00f7b58e180c0dca521dc9fbcd7eb71da2e17c2aa38fba9a09429fd272156dc111cf4b5fc576d8b801c7a246118dce3be4c64455df87b
- ssdeep: 24:H4OJYpAKbqmMepg/pPsnRkysDbuC1+Xja1gs+y1OXGK1Q/BEWIbvxHwfULmqAyDo:H8P8RZgWqAw5eCefcmqxDgDh21664
- text: .bss
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 10696
- hash: d41d8cd98f00b204e9800998ecf8427e
- hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
- hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- ssdeep: 3::
- text: .shstrtab
- text: _lief
- size-in-bytes: 62
- float: 3.5847266094526
- hash: 90d8eebc2a34162c49ec31cfc660cec1
- hash: 82520d0c476256d276861afe5c02c83d444b380c
- hash: 5da0b2d927ccda5332c1e053baec019d7bfb4b0605d7d6c7621052087c81bda2
- hash: f91be34869f6f53fb61cea8c82c68c54d11f9eaa4db19e3192dea5effb6161d6907a6fc19ea3a61e32fae0c260efe4c842e15e5e83b8ac5bce453ccb8f437a9e
- ssdeep: 3:dqMLwlApLQ4lLaCMLdsxlLB4K2in:kMF84MFsOin
- text: _lief
- text: 4194708
- text: _lief
- text: _lief
- counter: 9
- file: 14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f
- size-in-bytes: 99104
- float: 6.3228588477239
- hash: 6cfca1b6f1302235cf09a9942ba1d3c6
- hash: 4afebb350020f0ee8f9f07e2d9f8ea8798e2e55a
- hash: 14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f
- hash: cfb4a10a6fb70670e7fc4be92c577c4edf414d5c2ccdb3c2b372f92a5ae4b85531c261554dbe8b7b4a8196c4f4488f5f9054f95bfa809eb2cab2f905dba8f495
- malware-sample: 14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f|6cfca1b6f1302235cf09a9942ba1d3c6
- mime-type: application/x-executable
- ssdeep: 3072:pARJHp8M2Q4B80icmTKVJ02lD12F+TvBVn5s:pAfHp8M2Q4B80LJFbzbB9e
- text: .init
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 28
- float: 3.6375375112661
- hash: 02583bae37338df44022affe5c435d25
- hash: 677d607fb1b1c81383e21ec91bcdd31fc4f108b4
- hash: fe0b1f2674c22b18994e44902d79d2bee8baafe03368f8567c339c53161f7e2e
- hash: 4bf4eb2ab3da3da774cb06378a51b4631034ef5f4d85336e692ab158edd2f902ab9d8f143796f5aaf5ba76c9593df638e8ff9800c3a0ee32f64ad6291a98bbbe
- ssdeep: 3:ZB1/XN/X2kr:Vld
- text: .text
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 77654
- float: 6.446127586329
- hash: 3d908716385f194e5a1bf277214e8213
- hash: 6a3fde177edbfa6aaf3b67a21f448eaa5f0426a2
- hash: da97af1e3b1e04ff63be13d2ae11276b707618261cd20526cfb2e61d1b3622e2
- hash: d4dcb06c41a4642a1b8e8ba23b8304380c369df89f9c90a492becbf2731563f04522892b6323c2478eccecbea195215267d528928ec41d2ce8cda883cf767485
- ssdeep: 1536:R+EVm3mt3zm4Yj1wORWWBsSJEiN+c0Ubt9B9o8LCoGULTswXSf:R+wkmt3zm4kV0iNtbTvo8WoG4IR
- text: .fini
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 23
- float: 4.0018228256222
- hash: 901850fd8a67ae18d43bb63e94b81d6f
- hash: 0785be31d16e84eeb087d518348606fef9be3b17
- hash: 727dfefa0504bc9884daeba9be51b1c5f768e8d0f651dbfeeda89ec898459fd7
- hash: 83bff39b4cc26c75c3698e4adcb175cd208c058757791e54e449a69f08ab4893ecce625d9344bc358eb95fe0d6a5789f9524fb6f2538621fb595c42465bf04f3
- ssdeep: 3:ZBqvvlNpJn:2nHn
- text: .rodata
- text: _lief
- text: _lief
- size-in-bytes: 14140
- float: 5.764880966392
- hash: f83a04136594fa1967d66605b11b077a
- hash: 7a974250ed0da586b41aa8ddecaa88be4d15b540
- hash: bb008bde4cbc41f91e86a5614c1e387cd4f00ccb254f26a48b536f0b48131155
- hash: c2b28c5c359ba584d6099ce6e4bd4af9667c79d979cc115ab5fa0500490029668b455b0f3c3f27b24c597645ed36086b81c824acc8257dc2976a9bd2256df566
- ssdeep: 192:qD4QkztZiIPzW0tdPFmF65lewVwQ7QRDFWaEnlRum67bqlOVyQSWB3jiGKl:qsT/BkuIGQRZaePuGKl
- text: .ctors
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 8
- float: 1
- hash: 14f9c4ad952bff03b2eb8fa9fb3aae76
- hash: ce296b184763a332aca5193149245ab4653334e8
- hash: 72a4fa3544e43a836ffcb268ce06ccdbc55d44d5e6b1b1c19216a53ea98301fd
- hash: 7c403a4652234a853f476938085a4a0613f7540ea108da2da488812462f9479cd6af00d184ac313dcb9cbb0c7725342d0363aeff8e7ac856d9f45a2d1d05c4ec
- ssdeep: 3:RRtl:LX
- text: .dtors
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 8
- float: 1
- hash: 14f9c4ad952bff03b2eb8fa9fb3aae76
- hash: ce296b184763a332aca5193149245ab4653334e8
- hash: 72a4fa3544e43a836ffcb268ce06ccdbc55d44d5e6b1b1c19216a53ea98301fd
- hash: 7c403a4652234a853f476938085a4a0613f7540ea108da2da488812462f9479cd6af00d184ac313dcb9cbb0c7725342d0363aeff8e7ac856d9f45a2d1d05c4ec
- ssdeep: 3:RRtl:LX
- text: .data
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 1408
- float: 5.8582486136718
- hash: 55c20ba1956b1854c3a778395fe3eec9
- hash: 4203802da10ee8a5d60d224ec60369d79c20204c
- hash: 195de6b10a26a68995772d7debd606c16200f8878cd4ab570cb94b523e7f831e
- hash: 45375f40ca02dc736ab3ce0a27b415b656b1d52ab9236c8372bf32cb6c4d79e930499b99ae0e39155449b6e08214f979259b8de3be27a478de3cbccff4290e9f
- ssdeep: 24:0Xj4OtdrTq5k8V0XjkfULmqAyDxyND8W2kmvW5nr++8/1fLv:0jZtBq5k8V0XAfcmqxDgDn2LFb
- text: .bss
- text: _lief
- text: _lief
- text: _lief
- size-in-bytes: 9728
- hash: d41d8cd98f00b204e9800998ecf8427e
- hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
- hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- ssdeep: 3::
- text: .shstrtab
- text: _lief
- size-in-bytes: 62
- float: 3.5847266094526
- hash: 90d8eebc2a34162c49ec31cfc660cec1
- hash: 82520d0c476256d276861afe5c02c83d444b380c
- hash: 5da0b2d927ccda5332c1e053baec019d7bfb4b0605d7d6c7621052087c81bda2
- hash: f91be34869f6f53fb61cea8c82c68c54d11f9eaa4db19e3192dea5effb6161d6907a6fc19ea3a61e32fae0c260efe4c842e15e5e83b8ac5bce453ccb8f437a9e
- ssdeep: 3:dqMLwlApLQ4lLaCMLdsxlLB4K2in:kMF84MFsOin
- text: _lief
- text: 134512996
- text: _lief
- text: _lief
- counter: 9
- file: d50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670
- size-in-bytes: 96112
- float: 6.4973160195996
- hash: 4dc38c34e95ee063a4328a07871689ff
- hash: 7df2a1d9b0a53b3eec0ae7f41b62066ff6ba86f0
- hash: d50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670
- hash: 474df744c51fb1b7f968c384f2c836e5592e8950ff0821f2711a95785888e3934f3fc1e7f386236c52f2bbd13ea30cb63bd2200f70ca830f693949f0bb6c4f2c
- malware-sample: d50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670|4dc38c34e95ee063a4328a07871689ff
- mime-type: application/x-executable
- ssdeep: 1536:z+EVm3mt3zm4Yj1wORWWBsSJEiN+c0Ubt9B9o8LCoGULTswXSQVZQRZaLG:z+wkmt3zm4kV0iNtbTvo8WoG4IOVUaLG
- file: a9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547
- text: Bash
- text: Script to download the GorillaBot binaries (Mirai variant)
- text: Malicious
OSINT - Gorilla DDoS
0
LowUnknowntype:osintosint:lifetime="perpetual"osint:certainty="50"tlp:whitetlp:clearmisp-galaxy:mitre-attack-pattern="network denial of service - t1464"misp-galaxy:mitre-attack-pattern="endpoint denial of service - t1499"misp-galaxy:mitre-attack-pattern="endpoint denial of service - t1642"
Published: Thu Nov 07 2024 (11/07/2024, 00:00:00 UTC)
Source: CIRCL OSINT Feed
Vendor/Project: type
Product: osint
Description
OSINT - Gorilla DDoS
AI-Powered Analysis
AILast updated: 07/01/2025, 13:55:18 UTC
Technical Analysis
The provided information references a threat labeled "OSINT - Gorilla DDoS," categorized primarily as an OSINT (Open Source Intelligence) observation related to denial of service (DoS) attack patterns. The threat is associated with multiple MITRE ATT&CK techniques: network denial of service (T1464), and endpoint denial of service (T1499 and T1642). These techniques describe attacks aimed at overwhelming network resources or endpoint systems to disrupt availability. However, the data lacks specific technical details about the Gorilla DDoS attack vector, such as the attack methodology, exploited vulnerabilities, or targeted platforms. The severity is marked as low with a certainty of 50%, indicating moderate confidence but limited concrete evidence. No affected versions or products are specified, and there are no known exploits in the wild or available patches. The threat appears to be an OSINT observation rather than a confirmed active threat campaign. The mention of network and endpoint denial of service suggests that the Gorilla DDoS could be a distributed denial of service attack leveraging multiple vectors to degrade or deny service to targeted systems or networks. The absence of detailed indicators or technical specifics limits the ability to fully characterize the attack or its mechanisms. Overall, this represents a potential low-severity denial of service threat with limited current impact or exploitation evidence.
Potential Impact
For European organizations, the primary impact of a denial of service threat like Gorilla DDoS would be disruption of network or endpoint availability. This could lead to temporary service outages, degraded performance, and potential operational interruptions. Critical infrastructure, financial institutions, healthcare providers, and public sector entities could be affected if targeted, resulting in service unavailability that impacts end users and business continuity. However, given the low severity and lack of known active exploitation, the immediate risk is limited. The threat could serve as an early warning to monitor for emerging DDoS campaigns or related network disruptions. If the threat evolves or is weaponized, it could increase in severity and impact, particularly for organizations with internet-facing services or insufficient DDoS mitigation capabilities. European organizations should consider the potential for increased network traffic anomalies and prepare incident response plans accordingly.
Mitigation Recommendations
1. Implement and regularly update network-level DDoS protection solutions such as traffic filtering, rate limiting, and anomaly detection to identify and mitigate unusual traffic patterns indicative of DDoS attacks. 2. Deploy endpoint protection and monitoring tools capable of detecting abnormal resource consumption or denial of service conditions at the host level. 3. Establish robust incident response procedures specifically for denial of service scenarios, including communication plans and escalation paths. 4. Collaborate with Internet Service Providers (ISPs) and utilize upstream filtering or scrubbing services to absorb or block malicious traffic before it reaches critical infrastructure. 5. Conduct regular network and endpoint resilience testing to ensure systems can handle traffic spikes and recover quickly from disruptions. 6. Monitor OSINT feeds and threat intelligence sources for updates on Gorilla DDoS or related campaigns to adapt defenses proactively. 7. Harden network infrastructure by disabling unnecessary services and closing unused ports to reduce attack surface. 8. Consider implementing redundancy and failover mechanisms to maintain service availability during attack conditions.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Uuid
- 581c63d3-9c2b-4af0-994c-c73cf9d2e895
- Original Timestamp
- 1748877175
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaingorillacnc.su | — | |
domaingorillabin.su | — | |
domaingorillaservices.su | — | |
domaingorillafirewall.su | — | |
domaingorillaproxy.su | — | |
domaingorilla-api.su | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.17.182 | — | |
domain154.216.18.173 | — | |
domain154.216.18.173 | — | |
domain154.216.18.173 | — | |
domain154.216.18.173 | — | |
domain154.216.18.173 | — | |
domain154.216.18.173 | — | |
domain154.216.18.173 | — | |
domain154.216.18.173 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.19.61 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.14 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain154.216.20.45 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain185.170.144.49 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.202.35.87 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.66.231.26 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.88.88.41 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain45.89.247.112 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain46.8.69.32 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain91.194.55.151 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.177.68 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domain94.156.65.232 | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domaingorillabin.su | — | |
domainpen.gorillafirewall.su | — | |
domaingorillafirewall.su | — | |
domainpen.gorillafirewall.su | — | |
domaingorillafirewall.su | — | |
domainwww.xn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainwww.xn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainwww.xn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainwww.xn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainwww.xn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — | |
domainxn--girsdom-9ya.com | — |
File
| Value | Description | Copy |
|---|---|---|
file193.143.1.61 | On port 80 | |
file193.143.1.70 | On port 80 | |
file193.143.1.66 | On port 7070 | |
file193.143.1.56 | On port 7070 | |
file193.143.1.62 | On port 7070 | |
file185.170.144.85 | On port 7070 | |
file154.216.19.146 | On port 7070 | |
file94.156.177.62 | On port 7070 | |
file93.123.85.166 | On port 38241 | |
file45.202.35.64 | On port 38241 | |
file154.216.19.139 | On port 38242 | |
file154.216.17.220 | On port 38241 | |
file193.143.1.59 | On port 38242 | |
file94.156.177.61 | On port 38242 | |
file185.170.144.84 | On port 38242 | |
file20241010_NCSC-CH-GorillaBot.pdf | — | |
filea9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547 | — | |
file14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f | — | |
filed50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670 | — | |
filea9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547 | — |
Hash
| Value | Description | Copy |
|---|---|---|
hash80 | On port 80 | |
hash80 | On port 80 | |
hash7070 | On port 7070 | |
hash7070 | On port 7070 | |
hash7070 | On port 7070 | |
hash7070 | On port 7070 | |
hash7070 | On port 7070 | |
hash7070 | On port 7070 | |
hash38241 | On port 38241 | |
hash38241 | On port 38241 | |
hash38242 | On port 38242 | |
hash38241 | On port 38241 | |
hash38242 | On port 38242 | |
hash38242 | On port 38242 | |
hash38242 | On port 38242 | |
hash3c21544cfb3979b9d823eac46998f86a | — | |
hash5a529aea9f676840b070bddc1b92519f57203b71 | — | |
hasha9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547 | — | |
hashc58072fb79dbc1c71f16aed468a3e97f96aa17f2e1d9e3b6065defdc0d9cae73aaa1ca1389299e63de92f00ffe95e04ba766ab765fbee37167dbe156c9e0899e | — | |
hashdac26d3f514daf8f091b4599cd062a71 | — | |
hash46720cd8faf68bf8ba8ef1fa46b39d012271153a | — | |
hashfca79d9e3088517e1b7a8228af27527ee8e0b7060a2f8164b7b750f917d313b1 | — | |
hash130a9d9811f1504565a918d662e3cb042a28be8d9542e413af07f8e71c603cd7301cb8c403055a17c8351b0b71b6e577209c0141528fd8c8ec473100610a48e0 | — | |
hash7cd2de3905e9ec35d981d1e2e8208137 | — | |
hash8860ecc3dd756954216d9d441a2ff9512bb6bec5 | — | |
hash3891ca18736558ebb156defd5290713f2684627a4c1d8c165d1de223cd289dcd | — | |
hash094d8ee65c3b00f50c7eae9271efde491e7db5be35e0c901ff51ea3fe71693de91c0299e313c72fe711d9a84f89bfbb1fcc541b56797c7a815f03cf06f85d0f7 | — | |
hashf17d44750ffd57ca3bde2a8f74c66535 | — | |
hash7305114a96c27bafb749f788319a1215181811ae | — | |
hash14ba7bb0bce448a41a06e438c09f58ad6d83d9adb37eebe36e0f277b0eeaa25a | — | |
hash1f50960ba1afd50dbd13d4307f2e7192af8888efc57af8d6c34fd8fb318b9bdff58073272e35ac870e16f84cbab271ad6efd8e2174732c08f7db7d12ebb8d791 | — | |
hash9de308df2b62f41fe69d37de7597491d | — | |
hash2c47bcae176985b3762eab5ce56014ec3f13bc84 | — | |
hashdfcd6add0983cc5156197429278ff1e98f1ccb3f96ca6cf9da8cf5dcb00f4c91 | — | |
hash10b9c519a6b1efb0ec7ec17413b0376be92ac09cc726c6c1cd3cbf3e3d1c198c6aedf034492e12910d86c892d1b6f4e7481b16b9fc78196aa4af38724aaa5b03 | — | |
hashf858d36231ba743ad8c898d86a67a864 | — | |
hashf7fd9f0c0324c1723e1eaedd80f457bdf62aa9dc | — | |
hash60c69a3e87bf5c4f1e546bec45f262690bcf5494c4ecac2616bf2f731afa152a | — | |
hash2e68bf09036a490ce0e8d579ab0247a5cccf12f6ba44c3727ad22420e13e26c588a9fbf7b4dceeeced9d7148d9c29ef33ba6ca174596a65b1d297d0d7169bd6c | — | |
hashf858d36231ba743ad8c898d86a67a864 | — | |
hashf7fd9f0c0324c1723e1eaedd80f457bdf62aa9dc | — | |
hash60c69a3e87bf5c4f1e546bec45f262690bcf5494c4ecac2616bf2f731afa152a | — | |
hash2e68bf09036a490ce0e8d579ab0247a5cccf12f6ba44c3727ad22420e13e26c588a9fbf7b4dceeeced9d7148d9c29ef33ba6ca174596a65b1d297d0d7169bd6c | — | |
hash4cd65de7456ca7c72970838ca38886f5 | — | |
hashe2f39a924bf667891c060eff4b823d6d7b903732 | — | |
hashd33fc4c4bdd437da6be127ee90b9ddb6d9d4788e7f8feff38f5bb89f1090df44 | — | |
hash6b3b757f16155d89adc00f7b58e180c0dca521dc9fbcd7eb71da2e17c2aa38fba9a09429fd272156dc111cf4b5fc576d8b801c7a246118dce3be4c64455df87b | — | |
hashd41d8cd98f00b204e9800998ecf8427e | — | |
hashda39a3ee5e6b4b0d3255bfef95601890afd80709 | — | |
hashe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | — | |
hashcf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e | — | |
hash90d8eebc2a34162c49ec31cfc660cec1 | — | |
hash82520d0c476256d276861afe5c02c83d444b380c | — | |
hash5da0b2d927ccda5332c1e053baec019d7bfb4b0605d7d6c7621052087c81bda2 | — | |
hashf91be34869f6f53fb61cea8c82c68c54d11f9eaa4db19e3192dea5effb6161d6907a6fc19ea3a61e32fae0c260efe4c842e15e5e83b8ac5bce453ccb8f437a9e | — | |
hash6cfca1b6f1302235cf09a9942ba1d3c6 | — | |
hash4afebb350020f0ee8f9f07e2d9f8ea8798e2e55a | — | |
hash14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f | — | |
hashcfb4a10a6fb70670e7fc4be92c577c4edf414d5c2ccdb3c2b372f92a5ae4b85531c261554dbe8b7b4a8196c4f4488f5f9054f95bfa809eb2cab2f905dba8f495 | — | |
hash02583bae37338df44022affe5c435d25 | — | |
hash677d607fb1b1c81383e21ec91bcdd31fc4f108b4 | — | |
hashfe0b1f2674c22b18994e44902d79d2bee8baafe03368f8567c339c53161f7e2e | — | |
hash4bf4eb2ab3da3da774cb06378a51b4631034ef5f4d85336e692ab158edd2f902ab9d8f143796f5aaf5ba76c9593df638e8ff9800c3a0ee32f64ad6291a98bbbe | — | |
hash3d908716385f194e5a1bf277214e8213 | — | |
hash6a3fde177edbfa6aaf3b67a21f448eaa5f0426a2 | — | |
hashda97af1e3b1e04ff63be13d2ae11276b707618261cd20526cfb2e61d1b3622e2 | — | |
hashd4dcb06c41a4642a1b8e8ba23b8304380c369df89f9c90a492becbf2731563f04522892b6323c2478eccecbea195215267d528928ec41d2ce8cda883cf767485 | — | |
hash901850fd8a67ae18d43bb63e94b81d6f | — | |
hash0785be31d16e84eeb087d518348606fef9be3b17 | — | |
hash727dfefa0504bc9884daeba9be51b1c5f768e8d0f651dbfeeda89ec898459fd7 | — | |
hash83bff39b4cc26c75c3698e4adcb175cd208c058757791e54e449a69f08ab4893ecce625d9344bc358eb95fe0d6a5789f9524fb6f2538621fb595c42465bf04f3 | — | |
hashf83a04136594fa1967d66605b11b077a | — | |
hash7a974250ed0da586b41aa8ddecaa88be4d15b540 | — | |
hashbb008bde4cbc41f91e86a5614c1e387cd4f00ccb254f26a48b536f0b48131155 | — | |
hashc2b28c5c359ba584d6099ce6e4bd4af9667c79d979cc115ab5fa0500490029668b455b0f3c3f27b24c597645ed36086b81c824acc8257dc2976a9bd2256df566 | — | |
hash14f9c4ad952bff03b2eb8fa9fb3aae76 | — | |
hashce296b184763a332aca5193149245ab4653334e8 | — | |
hash72a4fa3544e43a836ffcb268ce06ccdbc55d44d5e6b1b1c19216a53ea98301fd | — | |
hash7c403a4652234a853f476938085a4a0613f7540ea108da2da488812462f9479cd6af00d184ac313dcb9cbb0c7725342d0363aeff8e7ac856d9f45a2d1d05c4ec | — | |
hash14f9c4ad952bff03b2eb8fa9fb3aae76 | — | |
hashce296b184763a332aca5193149245ab4653334e8 | — | |
hash72a4fa3544e43a836ffcb268ce06ccdbc55d44d5e6b1b1c19216a53ea98301fd | — | |
hash7c403a4652234a853f476938085a4a0613f7540ea108da2da488812462f9479cd6af00d184ac313dcb9cbb0c7725342d0363aeff8e7ac856d9f45a2d1d05c4ec | — | |
hash55c20ba1956b1854c3a778395fe3eec9 | — | |
hash4203802da10ee8a5d60d224ec60369d79c20204c | — | |
hash195de6b10a26a68995772d7debd606c16200f8878cd4ab570cb94b523e7f831e | — | |
hash45375f40ca02dc736ab3ce0a27b415b656b1d52ab9236c8372bf32cb6c4d79e930499b99ae0e39155449b6e08214f979259b8de3be27a478de3cbccff4290e9f | — | |
hashd41d8cd98f00b204e9800998ecf8427e | — | |
hashda39a3ee5e6b4b0d3255bfef95601890afd80709 | — | |
hashe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | — | |
hashcf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e | — | |
hash90d8eebc2a34162c49ec31cfc660cec1 | — | |
hash82520d0c476256d276861afe5c02c83d444b380c | — | |
hash5da0b2d927ccda5332c1e053baec019d7bfb4b0605d7d6c7621052087c81bda2 | — | |
hashf91be34869f6f53fb61cea8c82c68c54d11f9eaa4db19e3192dea5effb6161d6907a6fc19ea3a61e32fae0c260efe4c842e15e5e83b8ac5bce453ccb8f437a9e | — | |
hash4dc38c34e95ee063a4328a07871689ff | — | |
hash7df2a1d9b0a53b3eec0ae7f41b62066ff6ba86f0 | — | |
hashd50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670 | — | |
hash474df744c51fb1b7f968c384f2c836e5592e8950ff0821f2711a95785888e3934f3fc1e7f386236c52f2bbd13ea30cb63bd2200f70ca830f693949f0bb6c4f2c | — |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://154.216.17.182/arm6.nn | — | |
urlhttp://154.216.17.182/arm7.nn | — | |
urlhttp://154.216.17.182/lol | — | |
urlhttp://154.216.17.182/lol.sh | — | |
urlhttp://154.216.17.182/x86_64.nn | — | |
urlhttp://154.216.18.173/arm6.nn | — | |
urlhttp://154.216.18.173/lol | — | |
urlhttp://154.216.18.173/lol.sh | — | |
urlhttp://154.216.18.173/x86_64.nn | — | |
urlhttp://154.216.19.61/arm5.nn | — | |
urlhttp://154.216.19.61/arm6.nn | — | |
urlhttp://154.216.19.61/arm7.nn | — | |
urlhttp://154.216.19.61/arm.nn | — | |
urlhttp://154.216.19.61/lol | — | |
urlhttp://154.216.19.61/lol.sh | — | |
urlhttp://154.216.19.61/m68k.nn | — | |
urlhttp://154.216.19.61/mipsel.nn | — | |
urlhttp://154.216.19.61/mips.nn | — | |
urlhttp://154.216.19.61/powerpc.nn | — | |
urlhttp://154.216.19.61/sh4.nn | — | |
urlhttp://154.216.19.61/sparc.nn | — | |
urlhttp://154.216.19.61/x86_32.nn | — | |
urlhttp://154.216.19.61/x86_64.nn | — | |
urlhttp://154.216.20.14/arm5.nn | — | |
urlhttp://154.216.20.14/arm6.nn | — | |
urlhttp://154.216.20.14/arm7.nn | — | |
urlhttp://154.216.20.14/arm.nn | — | |
urlhttp://154.216.20.14/lol | — | |
urlhttp://154.216.20.14/lol.sh | — | |
urlhttp://154.216.20.14/m68k.nn | — | |
urlhttp://154.216.20.14/mipsel.nn | — | |
urlhttp://154.216.20.14/mips.nn | — | |
urlhttp://154.216.20.14/powerpc.nn | — | |
urlhttp://154.216.20.14/sh4.nn | — | |
urlhttp://154.216.20.14/sparc.nn | — | |
urlhttp://154.216.20.14/x86_32.nn | — | |
urlhttp://154.216.20.14/x86_64.nn | — | |
urlhttp://154.216.20.45/arm5.nn | — | |
urlhttp://154.216.20.45/arm6.nn | — | |
urlhttp://154.216.20.45/arm7.nn | — | |
urlhttp://154.216.20.45/arm.nn | — | |
urlhttp://154.216.20.45/lol | — | |
urlhttp://154.216.20.45/lol.sh | — | |
urlhttp://154.216.20.45/m68k.nn | — | |
urlhttp://154.216.20.45/mipsel.nn | — | |
urlhttp://154.216.20.45/mips.nn | — | |
urlhttp://154.216.20.45/powerpc.nn | — | |
urlhttp://154.216.20.45/sh4.nn | — | |
urlhttp://154.216.20.45/sparc.nn | — | |
urlhttp://154.216.20.45/x86_32.nn | — | |
urlhttp://154.216.20.45/x86_64.nn | — | |
urlhttp://185.170.144.49/arm5.nn | — | |
urlhttp://185.170.144.49/arm6.nn | — | |
urlhttp://185.170.144.49/arm7.nn | — | |
urlhttp://185.170.144.49/arm.nn | — | |
urlhttp://185.170.144.49/lol | — | |
urlhttp://185.170.144.49/lol.sh | — | |
urlhttp://185.170.144.49/m68k.nn | — | |
urlhttp://185.170.144.49/mipsel.nn | — | |
urlhttp://185.170.144.49/mips.nn | — | |
urlhttp://185.170.144.49/powerpc.nn | — | |
urlhttp://185.170.144.49/sh4.nn | — | |
urlhttp://185.170.144.49/sparc.nn | — | |
urlhttp://185.170.144.49/x86_32.nn | — | |
urlhttp://185.170.144.49/x86_64.nn | — | |
urlhttp://45.202.35.87/m68k.nn | — | |
urlhttp://45.202.35.87/mipsel.nn | — | |
urlhttp://45.202.35.87/mips.nn | — | |
urlhttp://45.202.35.87/powerpc.nn | — | |
urlhttp://45.202.35.87/sparc.nn | — | |
urlhttp://45.202.35.87/x86_32.nn | — | |
urlhttp://45.202.35.87/x86_64.nn | — | |
urlhttp://45.66.231.26/lol | — | |
urlhttp://45.66.231.26/lol.sh | — | |
urlhttp://45.66.231.26/m68k.nn | — | |
urlhttp://45.66.231.26/powerpc.nn | — | |
urlhttp://45.66.231.26/sh4.nn | — | |
urlhttp://45.66.231.26/sparc.nn | — | |
urlhttp://45.88.88.41/arm5.nn | — | |
urlhttp://45.88.88.41/arm6.nn | — | |
urlhttp://45.88.88.41/arm7.nn | — | |
urlhttp://45.88.88.41/arm.nn | — | |
urlhttp://45.88.88.41/mipsel.nn | — | |
urlhttp://45.88.88.41/mips.nn | — | |
urlhttp://45.88.88.41/x86_32.nn | — | |
urlhttp://45.88.88.41/x86_64.nn | — | |
urlhttp://45.89.247.112/arm5.nn | — | |
urlhttp://45.89.247.112/arm6.nn | — | |
urlhttp://45.89.247.112/arm7.nn | — | |
urlhttp://45.89.247.112/arm.nn | — | |
urlhttp://45.89.247.112/lol | — | |
urlhttp://45.89.247.112/lol.sh | — | |
urlhttp://45.89.247.112/m68k.nn | — | |
urlhttp://45.89.247.112/mipsel.nn | — | |
urlhttp://45.89.247.112/mips.nn | — | |
urlhttp://45.89.247.112/powerpc.nn | — | |
urlhttp://45.89.247.112/sh4.nn | — | |
urlhttp://45.89.247.112/sparc.nn | — | |
urlhttp://45.89.247.112/x86_32.nn | — | |
urlhttp://45.89.247.112/x86_64.nn | — | |
urlhttp://46.8.69.32/arm5.nn | — | |
urlhttp://46.8.69.32/arm6.nn | — | |
urlhttp://46.8.69.32/arm7.nn | — | |
urlhttp://46.8.69.32/arm.nn | — | |
urlhttp://46.8.69.32/lol | — | |
urlhttp://46.8.69.32/lol.sh | — | |
urlhttp://46.8.69.32/mipsel.nn | — | |
urlhttp://46.8.69.32/mips.nn | — | |
urlhttp://46.8.69.32/x86_32.nn | — | |
urlhttp://46.8.69.32/x86_64.nn | — | |
urlhttp://91.194.55.151/arm5.nn | — | |
urlhttp://91.194.55.151/arm6.nn | — | |
urlhttp://91.194.55.151/arm7 | — | |
urlhttp://91.194.55.151/arm7.nn | — | |
urlhttp://91.194.55.151/arm.nn | — | |
urlhttp://91.194.55.151/mips | — | |
urlhttp://91.194.55.151/mipsel | — | |
urlhttp://91.194.55.151/x86_32.nn | — | |
urlhttp://91.194.55.151/x86_64.nn | — | |
urlhttp://94.156.177.68/arm5.nn | — | |
urlhttp://94.156.177.68/arm6.nn | — | |
urlhttp://94.156.177.68/arm7.nn | — | |
urlhttp://94.156.177.68/arm.nn | — | |
urlhttp://94.156.177.68/mipsel.nn | — | |
urlhttp://94.156.177.68/mips.nn | — | |
urlhttp://94.156.177.68/x86_32.nn | — | |
urlhttp://94.156.177.68/x86_64.nn | — | |
urlhttp://94.156.65.232/arm5.nn | — | |
urlhttp://94.156.65.232/arm6.nn | — | |
urlhttp://94.156.65.232/arm7.nn | — | |
urlhttp://94.156.65.232/arm.nn | — | |
urlhttp://94.156.65.232/lol | — | |
urlhttp://94.156.65.232/lol.sh | — | |
urlhttp://94.156.65.232/m68k.nn | — | |
urlhttp://94.156.65.232/mipsel.nn | — | |
urlhttp://94.156.65.232/mips.nn | — | |
urlhttp://94.156.65.232/powerpc.nn | — | |
urlhttp://94.156.65.232/sh4.nn | — | |
urlhttp://94.156.65.232/sparc.nn | — | |
urlhttp://94.156.65.232/x86_32.nn | — | |
urlhttp://94.156.65.232/x86_64.nn | — | |
urlhttp://gorillabin.su/arm5.nn | — | |
urlhttp://gorillabin.su/arm6.nn | — | |
urlhttp://gorillabin.su/arm7.nn | — | |
urlhttp://gorillabin.su/arm.nn | — | |
urlhttp://gorillabin.su/lol.sh | — | |
urlhttp://gorillabin.su/mipsel.nn | — | |
urlhttp://gorillabin.su/mips.nn | — | |
urlhttp://gorillabin.su/x86_32.nn | — | |
urlhttp://gorillabin.su/x86_64.nn | — | |
urlhttp://pen.gorillafirewall.su/lol.sh | — | |
urlhttp://pen.gorillafirewall.su/sh4.nn | — | |
urlhttp://www.xn--girsdom-9ya.com/arm5.nn | — | |
urlhttp://www.xn--girsdom-9ya.com/arm6.nn | — | |
urlhttp://www.xn--girsdom-9ya.com/arm.nn | — | |
urlhttp://www.xn--girsdom-9ya.com/mipsel.nn | — | |
urlhttp://www.xn--girsdom-9ya.com/x86_64.nn | — | |
urlhttp://xn--girsdom-9ya.com/arm5.nn | — | |
urlhttp://xn--girsdom-9ya.com/arm6.nn | — | |
urlhttp://xn--girsdom-9ya.com/arm.nn | — | |
urlhttp://xn--girsdom-9ya.com/mipsel.nn | — | |
urlhttp://xn--girsdom-9ya.com/x86_64.nn | — |
Text
| Value | Description | Copy |
|---|---|---|
text/arm6.nn | — | |
text154.216.17.182 | — | |
text/arm7.nn | — | |
text154.216.17.182 | — | |
text/lol | — | |
text154.216.17.182 | — | |
text/lol.sh | — | |
text154.216.17.182 | — | |
text/x86_64.nn | — | |
text154.216.17.182 | — | |
text/arm6.nn | — | |
text154.216.18.173 | — | |
text/lol | — | |
text154.216.18.173 | — | |
text/lol.sh | — | |
text154.216.18.173 | — | |
text/x86_64.nn | — | |
text154.216.18.173 | — | |
text/arm5.nn | — | |
text154.216.19.61 | — | |
text/arm6.nn | — | |
text154.216.19.61 | — | |
text/arm7.nn | — | |
text154.216.19.61 | — | |
text/arm.nn | — | |
text154.216.19.61 | — | |
text/lol | — | |
text154.216.19.61 | — | |
text/lol.sh | — | |
text154.216.19.61 | — | |
text/m68k.nn | — | |
text154.216.19.61 | — | |
text/mipsel.nn | — | |
text154.216.19.61 | — | |
text/mips.nn | — | |
text154.216.19.61 | — | |
text/powerpc.nn | — | |
text154.216.19.61 | — | |
text/sh4.nn | — | |
text154.216.19.61 | — | |
text/sparc.nn | — | |
text154.216.19.61 | — | |
text/x86_32.nn | — | |
text154.216.19.61 | — | |
text/x86_64.nn | — | |
text154.216.19.61 | — | |
text/arm5.nn | — | |
text154.216.20.14 | — | |
text/arm6.nn | — | |
text154.216.20.14 | — | |
text/arm7.nn | — | |
text154.216.20.14 | — | |
text/arm.nn | — | |
text154.216.20.14 | — | |
text/lol | — | |
text154.216.20.14 | — | |
text/lol.sh | — | |
text154.216.20.14 | — | |
text/m68k.nn | — | |
text154.216.20.14 | — | |
text/mipsel.nn | — | |
text154.216.20.14 | — | |
text/mips.nn | — | |
text154.216.20.14 | — | |
text/powerpc.nn | — | |
text154.216.20.14 | — | |
text/sh4.nn | — | |
text154.216.20.14 | — | |
text/sparc.nn | — | |
text154.216.20.14 | — | |
text/x86_32.nn | — | |
text154.216.20.14 | — | |
text/x86_64.nn | — | |
text154.216.20.14 | — | |
text/arm5.nn | — | |
text154.216.20.45 | — | |
text/arm6.nn | — | |
text154.216.20.45 | — | |
text/arm7.nn | — | |
text154.216.20.45 | — | |
text/arm.nn | — | |
text154.216.20.45 | — | |
text/lol | — | |
text154.216.20.45 | — | |
text/lol.sh | — | |
text154.216.20.45 | — | |
text/m68k.nn | — | |
text154.216.20.45 | — | |
text/mipsel.nn | — | |
text154.216.20.45 | — | |
text/mips.nn | — | |
text154.216.20.45 | — | |
text/powerpc.nn | — | |
text154.216.20.45 | — | |
text/sh4.nn | — | |
text154.216.20.45 | — | |
text/sparc.nn | — | |
text154.216.20.45 | — | |
text/x86_32.nn | — | |
text154.216.20.45 | — | |
text/x86_64.nn | — | |
text154.216.20.45 | — | |
text/arm5.nn | — | |
text185.170.144.49 | — | |
text/arm6.nn | — | |
text185.170.144.49 | — | |
text/arm7.nn | — | |
text185.170.144.49 | — | |
text/arm.nn | — | |
text185.170.144.49 | — | |
text/lol | — | |
text185.170.144.49 | — | |
text/lol.sh | — | |
text185.170.144.49 | — | |
text/m68k.nn | — | |
text185.170.144.49 | — | |
text/mipsel.nn | — | |
text185.170.144.49 | — | |
text/mips.nn | — | |
text185.170.144.49 | — | |
text/powerpc.nn | — | |
text185.170.144.49 | — | |
text/sh4.nn | — | |
text185.170.144.49 | — | |
text/sparc.nn | — | |
text185.170.144.49 | — | |
text/x86_32.nn | — | |
text185.170.144.49 | — | |
text/x86_64.nn | — | |
text185.170.144.49 | — | |
text/m68k.nn | — | |
text45.202.35.87 | — | |
text/mipsel.nn | — | |
text45.202.35.87 | — | |
text/mips.nn | — | |
text45.202.35.87 | — | |
text/powerpc.nn | — | |
text45.202.35.87 | — | |
text/sparc.nn | — | |
text45.202.35.87 | — | |
text/x86_32.nn | — | |
text45.202.35.87 | — | |
text/x86_64.nn | — | |
text45.202.35.87 | — | |
text/lol | — | |
text45.66.231.26 | — | |
text/lol.sh | — | |
text45.66.231.26 | — | |
text/m68k.nn | — | |
text45.66.231.26 | — | |
text/powerpc.nn | — | |
text45.66.231.26 | — | |
text/sh4.nn | — | |
text45.66.231.26 | — | |
text/sparc.nn | — | |
text45.66.231.26 | — | |
text/arm5.nn | — | |
text45.88.88.41 | — | |
text/arm6.nn | — | |
text45.88.88.41 | — | |
text/arm7.nn | — | |
text45.88.88.41 | — | |
text/arm.nn | — | |
text45.88.88.41 | — | |
text/mipsel.nn | — | |
text45.88.88.41 | — | |
text/mips.nn | — | |
text45.88.88.41 | — | |
text/x86_32.nn | — | |
text45.88.88.41 | — | |
text/x86_64.nn | — | |
text45.88.88.41 | — | |
text/arm5.nn | — | |
text45.89.247.112 | — | |
text/arm6.nn | — | |
text45.89.247.112 | — | |
text/arm7.nn | — | |
text45.89.247.112 | — | |
text/arm.nn | — | |
text45.89.247.112 | — | |
text/lol | — | |
text45.89.247.112 | — | |
text/lol.sh | — | |
text45.89.247.112 | — | |
text/m68k.nn | — | |
text45.89.247.112 | — | |
text/mipsel.nn | — | |
text45.89.247.112 | — | |
text/mips.nn | — | |
text45.89.247.112 | — | |
text/powerpc.nn | — | |
text45.89.247.112 | — | |
text/sh4.nn | — | |
text45.89.247.112 | — | |
text/sparc.nn | — | |
text45.89.247.112 | — | |
text/x86_32.nn | — | |
text45.89.247.112 | — | |
text/x86_64.nn | — | |
text45.89.247.112 | — | |
text/arm5.nn | — | |
text46.8.69.32 | — | |
text/arm6.nn | — | |
text46.8.69.32 | — | |
text/arm7.nn | — | |
text46.8.69.32 | — | |
text/arm.nn | — | |
text46.8.69.32 | — | |
text/lol | — | |
text46.8.69.32 | — | |
text/lol.sh | — | |
text46.8.69.32 | — | |
text/mipsel.nn | — | |
text46.8.69.32 | — | |
text/mips.nn | — | |
text46.8.69.32 | — | |
text/x86_32.nn | — | |
text46.8.69.32 | — | |
text/x86_64.nn | — | |
text46.8.69.32 | — | |
text/arm5.nn | — | |
text91.194.55.151 | — | |
text/arm6.nn | — | |
text91.194.55.151 | — | |
text/arm7 | — | |
text91.194.55.151 | — | |
text/arm7.nn | — | |
text91.194.55.151 | — | |
text/arm.nn | — | |
text91.194.55.151 | — | |
text/mips | — | |
text91.194.55.151 | — | |
text/mipsel | — | |
text91.194.55.151 | — | |
text/x86_32.nn | — | |
text91.194.55.151 | — | |
text/x86_64.nn | — | |
text91.194.55.151 | — | |
text/arm5.nn | — | |
text94.156.177.68 | — | |
text/arm6.nn | — | |
text94.156.177.68 | — | |
text/arm7.nn | — | |
text94.156.177.68 | — | |
text/arm.nn | — | |
text94.156.177.68 | — | |
text/mipsel.nn | — | |
text94.156.177.68 | — | |
text/mips.nn | — | |
text94.156.177.68 | — | |
text/x86_32.nn | — | |
text94.156.177.68 | — | |
text/x86_64.nn | — | |
text94.156.177.68 | — | |
text/arm5.nn | — | |
text94.156.65.232 | — | |
text/arm6.nn | — | |
text94.156.65.232 | — | |
text/arm7.nn | — | |
text94.156.65.232 | — | |
text/arm.nn | — | |
text94.156.65.232 | — | |
text/lol | — | |
text94.156.65.232 | — | |
text/lol.sh | — | |
text94.156.65.232 | — | |
text/m68k.nn | — | |
text94.156.65.232 | — | |
text/mipsel.nn | — | |
text94.156.65.232 | — | |
text/mips.nn | — | |
text94.156.65.232 | — | |
text/powerpc.nn | — | |
text94.156.65.232 | — | |
text/sh4.nn | — | |
text94.156.65.232 | — | |
text/sparc.nn | — | |
text94.156.65.232 | — | |
text/x86_32.nn | — | |
text94.156.65.232 | — | |
text/x86_64.nn | — | |
text94.156.65.232 | — | |
textsu | — | |
text/arm5.nn | — | |
textgorillabin | — | |
textsu | — | |
text/arm6.nn | — | |
textgorillabin | — | |
textsu | — | |
text/arm7.nn | — | |
textgorillabin | — | |
textsu | — | |
text/arm.nn | — | |
textgorillabin | — | |
textsu | — | |
text/lol.sh | — | |
textgorillabin | — | |
textsu | — | |
text/mipsel.nn | — | |
textgorillabin | — | |
textsu | — | |
text/mips.nn | — | |
textgorillabin | — | |
textsu | — | |
text/x86_32.nn | — | |
textgorillabin | — | |
textsu | — | |
text/x86_64.nn | — | |
textgorillabin | — | |
textsu | — | |
textpen | — | |
text/lol.sh | — | |
textgorillafirewall | — | |
textsu | — | |
textpen | — | |
text/sh4.nn | — | |
textgorillafirewall | — | |
textcom | — | |
textwww | — | |
text/arm5.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
textwww | — | |
text/arm6.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
textwww | — | |
text/arm.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
textwww | — | |
text/mipsel.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
textwww | — | |
text/x86_64.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
text/arm5.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
text/arm6.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
text/arm.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
text/mipsel.nn | — | |
textxn--girsdom-9ya | — | |
textcom | — | |
text/x86_64.nn | — | |
textxn--girsdom-9ya | — | |
textSince September 2024, the National Cyber Security Centre of Switzerland (NCSC)
is witnessing an increase in DDoS attacks against national critical infrastructure in
Switzerland. According to our intelligence, these DDoS attacks are originating from
a DDoS-as-a-service called ”Gorilla”. The attacks were mostly UDP based amplifi-
cation attacks, apparently using open DNS resolvers. While the recent attacks have
temporarily impacted the availability of certain services operated by the victim’s orga-
nization, the security and confidentially of data or services have not been impacted nor
ever been at risk.
Under the name ”Gorilla Services”, an unknown threat actor is selling various services
on Telegram, including DDoS-as-a-service where the cheapest plan starts at only a
couple of dollars per day. While the service is already in business for quite some time,
the amount of DDoS attacks conducted by Gorilla has increased recently. Gorilla of-
fers a Mirai-like DDoS botnet for hire (”GorillaBot”) which contains out of compromised
Linux/Unix devices. However, they also offer 10Gbit/s hosting with spoofed uplink,
which commonly get used for DDoS attacks as well. As documented by NSFOCUS1,
the number of attacks conducted by GorillaBot has increased rapidly to over 300’000
attacks in September 2024. With this, NSFOCUS considers the threat as ”The New
King of DDoS Attacks”.
The NCSC has mapped, together with the affected organizations in Switzerland, the
attack infrastructure used by Gorilla and shared the corresponding cyber threat intel-
ligence (CTI) not only with operators of national critical infrastructure in Switzerland
but also with international partners. In addition, the NCSC has contacted Telegram, a
company operating out of Dubai, and asked them to take actions against the offensive
Telegram channel. This apparently resulted in the shut down of the reported Telegram
channel. However, we observed that the threat actor has already set up a new Tele-
gram channel and Singal as backup.
With this technical report, we shed some light on the malware used by Gorilla and
their DDoS operations. | — | |
textTechnical Analysis of GorillaBot | — | |
textReport | — | |
text.init | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.text | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.fini | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.rodata | — | |
text_lief | — | |
text_lief | — | |
text.ctors | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.dtors | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.data | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.bss | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.shstrtab | — | |
text_lief | — | |
text_lief | — | |
text4194708 | — | |
text_lief | — | |
text_lief | — | |
text.init | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.text | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.fini | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.rodata | — | |
text_lief | — | |
text_lief | — | |
text.ctors | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.dtors | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.data | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.bss | — | |
text_lief | — | |
text_lief | — | |
text_lief | — | |
text.shstrtab | — | |
text_lief | — | |
text_lief | — | |
text134512996 | — | |
text_lief | — | |
text_lief | — | |
textBash | — | |
textScript to download the GorillaBot binaries (Mirai variant) | — | |
textMalicious | — |
Link
| Value | Description | Copy |
|---|---|---|
linkhttps://github.com/govcert-ch/CTI/blob/main/20241010_GorillaBot/20241010_NCSC-CH-GorillaBot.pdf | — |
Size in-bytes
| Value | Description | Copy |
|---|---|---|
size-in-bytes616 | — | |
size-in-bytes19 | — | |
size-in-bytes80550 | — | |
size-in-bytes14 | — | |
size-in-bytes15312 | — | |
size-in-bytes16 | — | |
size-in-bytes16 | — | |
size-in-bytes2208 | — | |
size-in-bytes10696 | — | |
size-in-bytes62 | — | |
size-in-bytes99104 | — | |
size-in-bytes28 | — | |
size-in-bytes77654 | — | |
size-in-bytes23 | — | |
size-in-bytes14140 | — | |
size-in-bytes8 | — | |
size-in-bytes8 | — | |
size-in-bytes1408 | — | |
size-in-bytes9728 | — | |
size-in-bytes62 | — | |
size-in-bytes96112 | — |
Float
| Value | Description | Copy |
|---|---|---|
float4.7352556208588 | — | |
float3.4058222502857 | — | |
float6.2614147616808 | — | |
float3.3787834934862 | — | |
float5.4563632549439 | — | |
float1 | — | |
float1 | — | |
float3.9962404616202 | — | |
float3.5847266094526 | — | |
float6.3228588477239 | — | |
float3.6375375112661 | — | |
float6.446127586329 | — | |
float4.0018228256222 | — | |
float5.764880966392 | — | |
float1 | — | |
float1 | — | |
float5.8582486136718 | — | |
float3.5847266094526 | — | |
float6.4973160195996 | — |
Malware sample
| Value | Description | Copy |
|---|---|---|
malware-samplea9a56ecee25fb22a19757e98133aeb858312377f6fd9c2bbb747edf687ed8547|3c21544cfb3979b9d823eac46998f86a | — | |
malware-sample14fb8b3b89c5f626519950882f242dd53889b1067578a9321e721dbf4311a91f|6cfca1b6f1302235cf09a9942ba1d3c6 | — | |
malware-sampled50acb9b20222c4e4a616a2ccc095eec2780141da7d4264a5ba2f82cae9c4670|4dc38c34e95ee063a4328a07871689ff | — |
Mime type
| Value | Description | Copy |
|---|---|---|
mime-typetext/plain | — | |
mime-typeapplication/x-executable | — | |
mime-typeapplication/x-executable | — |
Ssdeep
| Value | Description | Copy |
|---|---|---|
ssdeep12:PRGH9vPnccGsQP1qyAA5Sq7FeIKW1h+A1DFTFIbn:PsXnWsYdAA5bMIKW1hV1Zun | — | |
ssdeep3:4o/ns4U:fU4U | — | |
ssdeep1536:5JOA3BJHQbOqxM21+4M280LWcmTmNGeccRJ6p2laHu12F+pHxvBVuK:SARJHp8M2Q4B80icmTKVJ02lD12F+Tvj | — | |
ssdeep3:4mFtWU:RGU | — | |
ssdeep384:WsDvgVuIGwhxHePdOnxxxxxxxxxxxxxxxOxuxxxxxxxZxxxsxxUexAjjjjjjjjjc:WszgApwhxHI0nxxxxxxxxxxxxxxxOxu+ | — | |
ssdeep3:RRR//:LRX | — | |
ssdeep3:RRR//:LRX | — | |
ssdeep24:H4OJYpAKbqmMepg/pPsnRkysDbuC1+Xja1gs+y1OXGK1Q/BEWIbvxHwfULmqAyDo:H8P8RZgWqAw5eCefcmqxDgDh21664 | — | |
ssdeep3:: | — | |
ssdeep3:dqMLwlApLQ4lLaCMLdsxlLB4K2in:kMF84MFsOin | — | |
ssdeep3072:pARJHp8M2Q4B80icmTKVJ02lD12F+TvBVn5s:pAfHp8M2Q4B80LJFbzbB9e | — | |
ssdeep3:ZB1/XN/X2kr:Vld | — | |
ssdeep1536:R+EVm3mt3zm4Yj1wORWWBsSJEiN+c0Ubt9B9o8LCoGULTswXSf:R+wkmt3zm4kV0iNtbTvo8WoG4IR | — | |
ssdeep3:ZBqvvlNpJn:2nHn | — | |
ssdeep192:qD4QkztZiIPzW0tdPFmF65lewVwQ7QRDFWaEnlRum67bqlOVyQSWB3jiGKl:qsT/BkuIGQRZaePuGKl | — | |
ssdeep3:RRtl:LX | — | |
ssdeep3:RRtl:LX | — | |
ssdeep24:0Xj4OtdrTq5k8V0XjkfULmqAyDxyND8W2kmvW5nr++8/1fLv:0jZtBq5k8V0XAfcmqxDgDn2LFb | — | |
ssdeep3:: | — | |
ssdeep3:dqMLwlApLQ4lLaCMLdsxlLB4K2in:kMF84MFsOin | — | |
ssdeep1536:z+EVm3mt3zm4Yj1wORWWBsSJEiN+c0Ubt9B9o8LCoGULTswXSQVZQRZaLG:z+wkmt3zm4kV0iNtbTvo8WoG4IOVUaLG | — |
Counter
| Value | Description | Copy |
|---|---|---|
counter9 | — | |
counter9 | — |
Threat ID: 68493dbccacb3d99bea6dd66
Added to database: 6/11/2025, 8:26:36 AM
Last enriched: 7/1/2025, 1:55:18 PM
Last updated: 12/2/2025, 6:18:52 AM
Views: 89
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Sort by
Loading community insights…
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
ThreatFox IOCs for 2025-12-01
MediumMalwareTue Dec 02 2025
ThreatFox IOCs for 2025-11-30
MediumMalwareMon Dec 01 2025
ThreatFox IOCs for 2025-11-29
MediumMalwareSun Nov 30 2025
Sha1-Hulud - November 2025
MediumUnknownSat Nov 29 2025
Salesforce Gainsight Security Advisory - Nov 2025
MediumMalwareSat Nov 29 2025
Actions
PRO
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.