DDG is a Monero-mining botnet that targets Redis servers, spreading through brute-force attacks against SSH and through the Redis unauthorized-access vulnerability. The latest DDG version is 3014.
Recently, the Alibaba Cloud Security team has detected an increase in the number of DDG mining botnet attacks. Once an attack succeeds, DDG installs a crontab entry on the compromised server so that the malware is updated and run on a regular schedule. Update source: hxxp://188.8.131.52:8000/i.sh
Malicious IP address: 184.108.40.206
Event: DDG worm from a command-and-control server
Risk level: High
Cloud Firewall can already defend against such attacks. We recommend that you enable intrusion prevention policies in the Cloud Firewall console.