DDOS Madness Continued...
2009-07-11 • FireEye
https://www.fireeye.com/blog/threat-research/2009/07/ddos-madness-climax.html
FireEye analyzed the July 2009 DDoS activity that disrupted major U.S. and South Korean websites and found destructive malware behavior after the DDoS phase ended. A service component named mstimer.dll triggered wversion.exe after July 10, causing the malware to overwrite disk sectors, erase the MBR, and search fixed and removable drives for common document types. The case shows the campaign combining public-facing DDoS disruption with host-level destructive payloads aimed at damaging infected systems.
Indicators of Compromise