Dofloo

Dofloo (aka AESDDoS) is a popular malware used to create large-scale botnets that can launch DDoS attacks and load cryptocurrency miners onto the infected machines. Abuse of misconfigured Docker services is a known trend: threat actors actively scan for exposed Docker APIs on port 2375 and use them to deploy a malicious payload that drops Dofloo.

Technical Details

  • Bleeping Computer provides a technical analysis of Dofloo.

[Image: dofloo.jpg. Image source: Bleeping Computer]
