{
	"id": "18570793-e634-47eb-a323-7046d3bd9752",
	"created_at": "2026-04-06T00:21:36.84392Z",
	"updated_at": "2026-04-10T03:20:26.737928Z",
	"deleted_at": null,
	"sha1_hash": "350a4666c75af258c8bbcbd02b76bacf754ebbbe",
	"title": "CoalaBot: http Ddos Bot",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 76085,
	"plain_text": "CoalaBot: http Ddos Bot\r\nArchived: 2026-04-05 14:55:06 UTC\r\n2017-10-16 - Ddos\r\nCoalaBot appears to be build on August Stealer code (Panel and Traffic are really alike)\r\nI found it spread as a tasks in a Betabot and in an Andromeda spread via RIG fed by at least one HilltopAds\r\nmalvertising.\r\n2017-09-11: a witnessed infection chain to CoalaBot\r\nA look inside :\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 1 of 11\n\nCoalaBot: Login Screen\r\n(August Stealer alike) \r\nCoalaBot: Statistics\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 2 of 11\n\nCoalaBot: Bots\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 3 of 11\n\nCoalaBot: Tasks\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 4 of 11\n\nCoalaBot: Tasks\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 5 of 11\n\nCoalaBot: New Taks (list)\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 6 of 11\n\nCoalaBot: https get task details\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 7 of 11\n\nCoalaBot: http post task details\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 8 of 11\n\nCoalaBot: Settings\r\nHere is the translated associated advert published on 2017-08-23 by a user going with nick : Discomrade.\r\n(Thanks to Andrew Komarov and others who provided help here).\r\n------------------------------------------\r\nCoala Http Ddos Bot\r\nThe software focuses on L7 attacks (HTTP). Lower levels have more primitive attacks.\r\nAttack types:\r\n• ICMP (PING) FLOOD\r\n• UDP FLOOD\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 9 of 11\n\n• TCP FLOOD\r\n• HTTP ARME\r\n• HTTP GET *\r\n• HTTP POST *\r\n• HTTP SLOWLORIS *\r\n• HTTP PULSE WAVE *\r\n* - Supports SMART mode, i.e. bypasses Cloudflare/Blazingfast and similar services (but doesn’t bypass\r\nCAPTCHA). All types except ICMP/UDP have support for using SSL.\r\nBinary:\r\n• .NET 2.0 x86 (100% working capacity WIN XP - WIN 7, on later versions ОС .NET 2.0 disabled by default)\r\n• ~100kb after obfuscation\r\n• Auto Backup (optional)\r\n• Low CPU load for efficient use\r\n• Encryption of incoming/outgoing traffic\r\n• No installation on machines from former CIS countries(RU/UA/BL/KZ/...)\r\n• Scan time non-FUD. Contact us if you need a recommendation for a good crypting service.\r\n• Ability to link a build to more than one gate.\r\nPanel:\r\n• Detailed statistics on time online/architecture/etc.\r\n• List of bots, detailed information\r\n• Number count of requests per second (total/for each bot)\r\n• Creation of groups for attacks\r\n• Auto sorting of bots by groups\r\n• Creation of tasks, the ability to choose by group/country\r\n• Setting an optional time for bots success rate\r\nOther:\r\n• Providing macros for randomization of sent data\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 10 of 11\n\n• Support of .onion gate\r\n• Ability to install an additional layer (BOT =\u003e LAYER =\u003e MAIN GATE)\r\nRequirements:\r\n• PHP 5.6 or higher\r\n• MySQL\r\n• Мodule for MySQLi(mysqli_nd); php-mbstring, php-json, php-mcrypt extensions\r\nScreenshots:\r\nPrice:\r\n• $300 - build and panel. Up to 3 gates for one build.\r\n• $20 - rebuild\r\nThe price can vary depending on updates.\r\nEscrow service is welcome.\r\nHelp with installation is no charge.\r\n------------------------------------------Sample:\r\nVT link\r\nMD5 f3862c311c67cb027a06d4272b680a3b\r\nSHA1 0ff1584eec4fc5c72439d94e8cee922703c44049\r\nSHA256 fd07ad13dbf9da3f7841bc0dbfd303dc18153ad36259d9c6db127b49fa01d08fEmerging Threats rules :\r\n2024531 || ET TROJAN MSIL/CoalaBot CnC Activity\r\nRead More:\r\nAugust in November: New Information Stealer Hits the Scene - 2016-12-07 - Proofpoint\r\nSource: https://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nhttps://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html\r\nPage 11 of 11",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html"
	],
	"report_names": [
		"coalabot-http-ddos-bot.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434896,
	"ts_updated_at": 1775791226,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/350a4666c75af258c8bbcbd02b76bacf754ebbbe.pdf",
		"text": "https://archive.orkl.eu/350a4666c75af258c8bbcbd02b76bacf754ebbbe.txt",
		"img": "https://archive.orkl.eu/350a4666c75af258c8bbcbd02b76bacf754ebbbe.jpg"
	}
}