{ "id": "100f90f4-5941-4405-b6bc-5687ac3650c9", "created_at": "2026-04-06T00:07:12.194955Z", "updated_at": "2026-04-10T03:25:18.468123Z", "deleted_at": null, "sha1_hash": "f9064ea4e65324fc320ee0d184be8602e693023f", "title": "Madness PRO DDoS - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 48473, "plain_text": "Madness PRO DDoS - Threat Group Cards: A Threat Actor\r\nEncyclopedia\r\nArchived: 2026-04-05 22:26:24 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Madness PRO DDoS\r\n Tool: Madness PRO DDoS\r\nNames Madness PRO DDoS\r\nCategory Malware\r\nType Backdoor, DDoS\r\nDescription\r\n[Google Translated]\r\n• Written in C++, easily crypt is lightweight (compressed sample \u003c 15KB)\r\n• Full compatibility with all Windows family of NT (x86 and x64)\r\n• Boat has 7 types of attacks\r\n• Stability in the system. Indicators load on the CPU and RAM are very uniform\r\n• Do not attracted the attention of UAC and Windows Firewall\r\n• Able to establish port, referal and cookies individually for each goal\r\n• Supports up to 10 targets simultaneously\r\n• Has a very low load on the CPU with the new, complex system of parsing commands (all\r\nanalogs parsing takes place inside a function in multiple threads - it's extra work load on the\r\nprocessor. New bot enters all data in the array before the attack on the function and come\r\nready options address, port, referral, etc.)\r\n• Has an enormous power output of more than 1500 http (and more 30000 UDP) queries per\r\nminute through direct interaction with the network drivers, even on desktop Windows! (only\r\nusing WinSock) is about 10 times more than some few analogs and more top (on this\r\nparameter) competitors.\r\n• In the control panel are: the number of requests per minute, right in the system, the version of\r\nthe system.\r\n• Supports bypass CloudFlare protection (!) And many other more common.\r\n• Supports Slow GET and Slow POST modes!\r\n• In the packet header specifies disabling the cache (Cache-Control: no-cache), which\r\nincreases the load on the server\r\n• The protection of dialogue bot panel spetsklyuchem\r\nInformation \u003chttps://malware.dontneedcoffee.com/2013/10/meet-madness-pro-or-few-days-rise-of.html\u003e\r\nLast change to this tool card: 20 April 2020\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3778840f-9989-4cbf-b6f9-a8cf4f4e7b0f\r\nPage 1 of 2\n\nDownload this tool card in JSON format\r\nAll groups using tool Madness PRO DDoS\r\nChanged Name Country Observed\r\nOther groups\r\n  Guru Spider 2014-Mar 2018  \r\n1 group listed (0 APT, 1 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3778840f-9989-4cbf-b6f9-a8cf4f4e7b0f\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3778840f-9989-4cbf-b6f9-a8cf4f4e7b0f\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3778840f-9989-4cbf-b6f9-a8cf4f4e7b0f" ], "report_names": [ "listgroups.cgi?u=3778840f-9989-4cbf-b6f9-a8cf4f4e7b0f" ], "threat_actors": [ { "id": "64ac8ebd-4cd6-410b-83f3-f3ef25b59156", "created_at": "2022-10-25T16:07:24.494373Z", "updated_at": "2026-04-10T02:00:05.009827Z", "deleted_at": null, "main_name": "Guru Spider", "aliases": [], "source_name": "ETDA:Guru Spider", "tools": [ "MBS BTC Stealer", "MKL Pro Keylogger", "Madness PRO DDoS", "Quant Loader", "QuantLoader", "Z*Stealer", "ZStealer" ], "source_id": "ETDA", "reports": null }, { "id": "bc28c4ad-2d4b-47f4-8303-7360a9e72570", "created_at": "2023-01-06T13:46:38.900931Z", "updated_at": "2026-04-10T02:00:03.13942Z", "deleted_at": null, "main_name": "GURU SPIDER", "aliases": [], "source_name": "MISPGALAXY:GURU SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434032, "ts_updated_at": 1775791518, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f9064ea4e65324fc320ee0d184be8602e693023f.pdf", "text": "https://archive.orkl.eu/f9064ea4e65324fc320ee0d184be8602e693023f.txt", "img": "https://archive.orkl.eu/f9064ea4e65324fc320ee0d184be8602e693023f.jpg" } }