DiscordGo
DiscordGo is a Python-based framework referenced as part of the tooling used in the Matrix DDoS campaign for botnet management and coordination. Reporting cited it alongside other DDoS-related programs, including PYbot, pynet, Homo Network, Mirai, and a JavaScript HTTP/HTTPS flood tool.

In the observed campaign, the Matrix threat actor used publicly available GitHub-hosted tools to compromise IoT devices, routers, telecom equipment, cameras, DVRs, and some enterprise- and cloud-associated systems, exploiting known vulnerabilities, misconfigurations, and weak or default credentials, then enrolled the compromised hosts into a botnet used for disruptive DDoS activity. Aqua Nautilus reporting specifically states that Matrix employed Python-based frameworks such as PyBot and DiscordGo for botnet management.

The broader operation was assessed as financially motivated and linked to DDoS-for-hire services advertised through the Telegram bot "Kraken Autobuy". Victims were concentrated in China and Japan, with additional targeting in Argentina, Australia, Brazil, Egypt, India, and the United States.

No DiscordGo-specific indicators of compromise were provided in the source content. Note also that the name collides with DiscordGo, the widely used Go client library for the Discord API (github.com/bwmarrin/discordgo), which is unrelated legitimate software; the presence of that library on a host or in a dependency tree is not by itself evidence of this tooling.
Groups observed using it
One distinct threat actor (Matrix) attributed by public researchers.
This includes PYbot, pynet, DiscordGo, Homo Network, a JavaScript program that implements an HTTP/HTTPS flood attack...
Recent activity
Two sources tracked across advisories, community write-ups, and news.
DiscordGo is a Python-based framework used for botnet management and coordination. The name suggests Discord is used as the command-and-control channel, but the source reporting does not document the C2 mechanism, so treat that as an inference rather than an observed fact.
DDoS-related program/tool used in the campaign, listed alongside other DDoS tooling.
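If DiscordGo does use Discord as its C2 channel, the one thing a compromised camera, DVR or router cannot avoid is talking to Discord's public API or gateway, which such devices never do legitimately. The following is an added example, not code from the Matrix campaign or from any DiscordGo tooling and not an indicator published by the source: it runs a simple hunt over constructed proxy log lines, flagging Discord API traffic from any source outside an assumed workstation segment (10.10.0.0/16) and summarizing whether the source only polls or also posts messages back. The log format, segment ranges and sample lines are assumptions for the example; the Discord zones are the real public domains.

```python
"""Hunt for Discord API traffic from hosts where no interactive Discord client is expected.

Added example, not code from the Matrix campaign or any DiscordGo tooling. It assumes a
Discord-based bot must reach Discord's public API/gateway and that IoT/server segments have
no business doing so. Segment ranges, log format and log lines below are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Discord's API, CDN and gateway live under these zones (real public domains).
# Matched label-by-label, so 'notdiscord.com' does NOT match 'discord.com'.
DISCORD_ZONES = ("discord.com", "discordapp.com", "discord.gg")

# Assumption for the example: 10.10.0.0/16 is the workstation VLAN where Discord is plausible.
# Every other source (cameras, DVRs, servers) is treated as a segment that should never reach Discord.
USER_SEGMENTS = (ipaddress.ip_network("10.10.0.0/16"),)

# Assumed proxy log format: "<timestamp> <src_ip> <METHOD> <host><path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<host>[^/\s]+)(?P<path>/\S*)?\s+(?P<status>\d{3})$"
)

# Constructed sample traffic: one workstation, one camera (10.20.x), one DVR (10.30.x), one server.
SAMPLE_LOGS = """\
2024-11-20T10:01:02Z 10.10.5.7 GET discord.com/api/v9/users/@me 200
2024-11-20T10:01:05Z 10.20.3.15 GET discord.com/api/v9/channels/1234/messages?limit=5 200
2024-11-20T10:01:09Z 10.30.1.2 GET gateway.discord.gg/?v=9&encoding=json 101
2024-11-20T10:01:12Z 10.40.0.9 GET notdiscord.com/index.html 200
2024-11-20T10:01:35Z 10.20.3.15 GET discord.com/api/v9/channels/1234/messages?limit=5 200
2024-11-20T10:01:40Z 10.10.5.9 GET cdn.discordapp.com/attachments/1/2/image.png 200
2024-11-20T10:02:05Z 10.20.3.15 POST discord.com/api/v9/channels/1234/messages 200
"""


def is_discord_host(host: str) -> bool:
    """True only for a Discord zone apex or a subdomain of one (label-aware suffix match)."""
    host = host.lower().rstrip(".")
    return any(host == zone or host.endswith("." + zone) for zone in DISCORD_ZONES)


def in_user_segment(ip: str) -> bool:
    """True if the source address belongs to a segment where Discord use is expected."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in USER_SEGMENTS)


def find_suspect_discord_clients(log_text: str) -> dict[str, list[dict]]:
    """Return {src_ip: [request, ...]} for non-user-segment sources that reached Discord."""
    hits: dict[str, list[dict]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line; a real pipeline would count and surface these
        if not is_discord_host(m["host"]) or in_user_segment(m["src"]):
            continue
        hits[m["src"]].append(
            {"ts": m["ts"], "method": m["method"], "host": m["host"], "path": m["path"] or "/"}
        )
    return dict(hits)


def summarize(hits: dict[str, list[dict]]) -> dict[str, dict]:
    """Per flagged source: request count, distinct paths, and whether it wrote to a channel.

    A POST to .../channels/<id>/messages is the bot reporting back; repeated GETs to the same
    messages endpoint are the bot polling for commands.
    """
    summary = {}
    for src, reqs in hits.items():
        summary[src] = {
            "requests": len(reqs),
            "distinct_paths": len({r["path"] for r in reqs}),
            "posted_messages": any(
                r["method"] == "POST" and r["path"].split("?")[0].endswith("/messages")
                for r in reqs
            ),
        }
    return summary


if __name__ == "__main__":
    flagged = find_suspect_discord_clients(SAMPLE_LOGS)
    for src, info in summarize(flagged).items():
        print(f"{src}: {info}")
```

The label-aware match in `is_discord_host` matters: a plain substring or `endswith` check would also flag `notdiscord.com`, and an attacker-registered look-alike would slip past a rule that only matched the apex. The segment allowlist is deliberately the only tuning knob; in production it would come from asset inventory rather than a hard-coded range.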