[ikolor]

Hi I would ask advanced user.What malware are use on this attack .I have a mail account in Protonmail.com .This is mail server in Switzerland doesn't touch by "NSA".

https://twitter.com/protonmail?lang=pl
https://www.facebook.com/protonmail/

Strange question but important to me .!!

[TETYYSs]

hi, nobody knows yet
it's just ddos attack, it's just packets. this doesn't say anything about botnet nor even more about malware used to gather botnet

[ikolor]

The first grup who force ransom was ""Armada Collective"" I suppose it was Russian group .
htxp://evil-hack.ru/forum.php
After Protonmail paid another grup started new DDoS.

I would think they use Linux/Xor.DDOS malware.

http://blog.malwaremustdie.org/

https://protonmail.com/ still down

[EP_X0FF]

Evil-hack.ru is analogue of fuckav.ru script-kiddie forum. General staff and most of users located in Ukraine. I doubt you can find any "interesting" stuff here except few vb/delphi trojans with "ddos" module on board.

[tWiCe]

I would think they use Linux/Xor.DDOS malware.

Why do you guess exactly Xor.DDOS? Why can't it be any of other ChinaZ botnets (Gates, MrBlack, DnsAmp, etc) or Fgt/Tsunami botnets?

[ikolor]

You are right .I just suppose .