In this directory we post technical cyber threat intelligence and provide it as is under TLP:CLEAR.
- 20241010_GorillaBot: Contains a report and IoCs from the analysis of the GorillaBot DDoS-as-a-Service Malware and Infrastructure.
- 20240627_macOS_PoseidonStealer: Contains information about a Poseidon Stealer malspam campaign targeting Swiss macOS users and the related MISP Event.
- 20240615_NoName057-attacking-ips.csv: Contains IPv4 addresses that allegedly participated in DDoS attacks on 2024-06-14 and 2024-06-15 against Swiss targets. These attacks were conducted by hacktivist group NoName057(16), using L7 attacks (HTTP/s GET flood). The majority of the IP addresses belong to VPN service providers whose services were misused by NoName057(16) for launching DDoS attacks.
- 20240615_NoName057-controller-ips.csv: Contains IPv4 addresses that allegedly were used in June 2024 by NoName057(16) to command and control their DDoS tool called "DDoSia".
- 20240117_NoName057-DDoS-CH.csv: Contains IPv4 addresses that participated in DDoS attacks on 2024-01-17 against Swiss targets. These attacks were allegedly conducted by hacktivist group NoName057(16), using L7 attacks (HTTP/s GET flood). GovCERT.ch has contacted the abuse desks of the relevant network owners (AS) and asked them to take the appropriate actions to prevent further abuse of their service.
Disclaimer:
- Data published here is provided "as is" without any warranty or liability.
- AS number, AS name and country code for published IP addresses have been provided by Team Cymru's IP to ASN Mapping Service.