{
	"id": "c3fa5dde-6110-44d0-a712-a8eb40eb4d97",
	"created_at": "2026-04-06T00:19:24.151629Z",
	"updated_at": "2026-04-10T13:12:24.375495Z",
	"deleted_at": null,
	"sha1_hash": "103634b69d5846d5d41ecc945cf85424b35d0479",
	"title": "Threat Alert: DDG 3013 is Out",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 158897,
	"plain_text": "Threat Alert: DDG 3013 is Out\r\nBy JiaYu\r\nPublished: 2018-08-01 · Archived: 2026-04-05 13:26:59 UTC\r\nDDG is a mining botnet mainly focusing on SSH, Redis databases and OrientDB database servers. We captured the first\r\nDDG botnet on October 25, 2017, and subsequently released several reports. A recent report was released in 2018-06, which\r\nreflected the newest version of DDG 3012 at that time.\r\nThis morning, we noticed that DDG version 3013 came out.\r\nIoC\r\nC2\r\n149.56.106.215:8000 Canada/CA Pierrefonds \"AS16276 OVH SAS\"\r\nDownload URL\r\nNew mining pool agent\r\n104.197.211.117:443 United States/US \"AS15169 Google LLC\"\r\nInfect Method\r\nUsing mis-configured Redis in the same way as previous versions of DDGs.\r\nMonetization method\r\nMining\r\nMining Pool:Agent: 104.197.211.117\r\nWallet Address:\r\n42d4D8pASAWghyTmUS8a9yZyErA4WB18TJ6Xd2rZt9HBio2aPmAAVpHcPM8yoDEYD9Fy7eRvPJhR7SKFyTaFbSYCNZ\r\nActivities\r\nIn the past 24 hours, our ScanMon reported 471 scan sources, mainly from China mainland.\r\nContact Us\r\nReaders can feel free to contact us on our twitter or WeChat 360Netlab\r\nSource: https://blog.netlab.360.com/threat-alert-ddg-3013-is-out/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://blog.netlab.360.com/threat-alert-ddg-3013-is-out/"
	],
	"report_names": [
		"threat-alert-ddg-3013-is-out"
	],
	"threat_actors": [],
	"ts_created_at": 1775434764,
	"ts_updated_at": 1775826744,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/103634b69d5846d5d41ecc945cf85424b35d0479.pdf",
		"text": "https://archive.orkl.eu/103634b69d5846d5d41ecc945cf85424b35d0479.txt",
		"img": "https://archive.orkl.eu/103634b69d5846d5d41ecc945cf85424b35d0479.jpg"
	}
}