Trusted Design

Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms

概要

In the past few months, Talos has observed an uptick in the number of Chinese websites offering online DDoS services. Many of these websites have a nearly identical layout and design, offering a simple interface in which the user selects a target’s host, port, attack method, and duration of attack. In addition, the majority of these sites have been registered within the past six months. However, the websites operate under different group names and have different registrants. In addition, Talos has observed administrators of these websites launching attacks on one another. Talos sought to research the actors responsible for creating these platforms and analyze why they have become more prevalent lately.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

China DDoS ELF malware CNC, Panel & exploit scanner distribution (score: 0.61)
HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure (score: 0.61)
New Chinese IoT botnet: Trump Bot (score: 0.61)
DDoS Botnet NK (score: 0.60)
Botnet of mostly Chinese spammer IPs exploiting a webUI (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 18.08

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1588.001 - Malware
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1547.002 - Authentication Package
T1008 - Fallback Channels

MITREへのリンク →

Sea Turtle

Score: 3.03

Matched TTPs:

T1033 - System Owner/User Discovery

MITREへのリンク →

Ember Bear

Score: 7.17

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules

MITREへのリンク →

Indrik Spider

Score: 3.03

Matched TTPs:

T1033 - System Owner/User Discovery

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1033 - System Owner/User Discovery

MITREへのリンク →

Contagious Interview

Score: 12.83

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 22.98

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1547.002 - Authentication Package
T1075 - Pass the Hash

MITREへのリンク →

Star Blizzard

Score: 8.29

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication

MITREへのリンク →

APT41

Score: 9.51

Matched TTPs:

T1539 - Steal Web Session Cookie
T1588.001 - Malware
T1008 - Fallback Channels

MITREへのリンク →

TA551

Score: 4.13

Matched TTPs:

T1539 - Steal Web Session Cookie

MITREへのリンク →

HAFNIUM

Score: 13.61

Matched TTPs:

T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1055.008 - Ptrace System Calls

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1027.008 - Stripped Payloads

MITREへのリンク →

Ke3chang

Score: 7.28

Matched TTPs:

T1027.008 - Stripped Payloads
T1685.005 - Clear Windows Event Logs

MITREへのリンク →

TA2541

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Earth Lusca

Score: 9.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustang Panda

Score: 11.40

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1055.005 - Thread Local Storage

MITREへのリンク →

Mustard Tempest

Score: 8.28

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service

MITREへのリンク →

OilRig

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Gamaredon Group

Score: 15.05

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1554 - Compromise Host Software Binary
T1061 - Graphical User Interface
T1547.002 - Authentication Package

MITREへのリンク →

Threat Group-3390

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

BITTER

Score: 4.07

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware

MITREへのリンク →

APT32

Score: 7.85

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1608.005 - Link Target
T1059.012 - Hypervisor CLI

MITREへのリンク →

HEXANE

Score: 4.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

Saint Bear

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Moonstone Sleet

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 8.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

Ferocious Kitten

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

BlackTech

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

Scarlet Mimic

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

BRONZE BUTLER

Score: 8.49

Matched TTPs:

T1685.005 - Clear Windows Event Logs
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Carbanak

Score: 4.49

Matched TTPs:

T1588.001 - Malware
T1547.002 - Authentication Package

MITREへのリンク →

Winter Vivern

Score: 7.48

Matched TTPs:

T1588.001 - Malware
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Wizard Spider

Score: 6.23

Matched TTPs:

T1588.001 - Malware
T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

FIN6

Score: 4.62

Matched TTPs:

T1588.001 - Malware
T1547.008 - LSASS Driver

MITREへのリンク →

PROMETHIUM

Score: 3.86

Matched TTPs:

T1588.001 - Malware
T1059.012 - Hypervisor CLI

MITREへのリンク →

ZIRCONIUM

Score: 6.51

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

Magic Hound

Score: 14.42

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1547.002 - Authentication Package
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 14.93

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

Axiom

Score: 5.39

Matched TTPs:

T1049 - System Network Connections Discovery
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volt Typhoon

Score: 6.91

Matched TTPs:

T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication

MITREへのリンク →

Turla

Score: 9.80

Matched TTPs:

T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI

MITREへのリンク →

MuddyWater

Score: 4.41

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

APT28

Score: 14.85

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1146 - Clear Command History
T1055.008 - Ptrace System Calls

MITREへのリンク →

APT29

Score: 9.07

Matched TTPs:

T1608.005 - Link Target
T1218.009 - Regsvcs/Regasm
T1547.008 - LSASS Driver

MITREへのリンク →

POLONIUM

Score: 4.41

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

APT33

Score: 4.13

Matched TTPs:

T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

Leviathan

Score: 5.90

Matched TTPs:

T1554 - Compromise Host Software Binary
T1059.012 - Hypervisor CLI

MITREへのリンク →

CURIUM

Score: 7.91

Matched TTPs:

T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

APT37

Score: 4.16

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1557.002 - ARP Cache Poisoning

MITREへのリンク →

Scattered Spider

Score: 4.13

Matched TTPs:

T1557.002 - ARP Cache Poisoning

MITREへのリンク →

Storm-1811

Score: 6.14

Matched TTPs:

T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 5.39

Matched TTPs:

T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT3

Score: 3.62

Matched TTPs:

T1578.002 - Create Cloud Instance

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Patchwork

Score: 5.05

Matched TTPs:

T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.82

Matched TTPs:

T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1075 - Pass the Hash
T1102.003 - One-Way Communication
T1564.008 - Email Hiding Rules
T1033 - System Owner/User Discovery

MITREへのリンク →

Kimsuky

Score: 0.66

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1588.001 - Malware
T1008 - Fallback Channels
T1102.003 - One-Way Communication
T1033 - System Owner/User Discovery
T1608.005 - Link Target

MITREへのリンク →

Lazarus Group

Score: 0.57

Matched TTPs:

T1547.002 - Authentication Package
T1588.001 - Malware
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver
T1055.005 - Thread Local Storage
T1608.005 - Link Target

MITREへのリンク →

Gamaredon Group

Score: 0.55

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1554 - Compromise Host Software Binary
T1061 - Graphical User Interface
T1608.005 - Link Target

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る