GovCERT.ch Cyber Threat Intelligence

In this directory we post technical cyber threat intelligence and provide it as is under TLP:CLEAR.

📗 Table of Contents

  • 20241010_GorillaBot: Contains a report and IoCs from the analysis of the GorillaBot DDoS-as-a-Service Malware and Infrastructure.
  • 20240627_macOS_PoseidonStealer: Contains information about a Poseidon Stealer malspam campaign targeting Swiss macOS users and the related MISP Event.
  • 20240615_NoName057-attacking-ips.csv: Contains IPv4 addresses that allegedly participated in DDoS attacks on 2024-06-14 and 2024-06-15 against Swiss targets. These attacks were conducted by the hacktivist group NoName057(16), using L7 attacks (HTTP/s GET flood). The majority of the IP addresses belong to VPN service providers that were misused by NoName057(16) for launching DDoS attacks.
  • 20240615_NoName057-controller-ips.csv: Contains IPv4 addresses that allegedly were used in June 2024 by NoName057(16) to command and control their DDoS tool called "DDoSia".
  • 20240117_NoName057-DDoS-CH.csv: Contains IPv4 addresses that participated in DDoS attacks on 2024-01-17 against Swiss targets. These attacks were allegedly conducted by the hacktivist group NoName057(16), using L7 attacks (HTTP/s GET flood). GovCERT.ch has contacted the abuse desks of the relevant network owners (AS) and asked them to take the appropriate actions to prevent further abuse of their service.

Disclaimer:

  • Data published here is provided "as is" without any warranty or liability.
  • AS number, AS name and country code for published IP addresses have been provided by Team Cymru's IP to ASN Mapping Service.