3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
DDoSia

DDoSia

ID: b7d77c3843e937f1ce7569624ec78ae700371
Crimeware Trojan
Threat types: Hacktivism, DDoS Toolkit, Pro‑Russia
Russia KOR
Updated: 2026-04-15
Created: 2026-02-24
Progress: 95% Completeness: 100% Freshness: 100%
Operation zone: South Korea
Aliases Limited alias preview
DDoSIA DDoSia Project DD****************** DD*********
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

DDoSia is an OSINT-described crowdsourced DDoS toolkit and participation model associated with pro-Russian hacktivist ecosystems (notably NoName057(16)). Public analyses describe a volunteer client distribution approach, target-list mobilization, and repeated application-layer flood campaigns. Law-enforcement actions against the broader ecosystem (Operation Eastwood, July 2025) highlight the organized and resilient nature of this disruption model.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2025-07-22 — Recorded Future describes sustained DDoS targeting consistent with the DDoSia model. · ref
  • 2025-12-18 — CISA advisory describes opportunistic pro-Russia hacktivist DDoS activity; DDoSia is a tooling layer associated with this ecosystem. · ref
T1585.001 Social Media Accounts TA0042
  • 2023-06-29 — Sekoia describes the DDoSia project’s coordination and target tracking ecosystem; social channels are central to mobilization. · ref
T1583.001 Domains TA0042
  • 2023-01-12 — SentinelOne describes use of GitHub/GitHub Pages for tool distribution (infrastructure supporting operations). · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-13T00:54:16+00:00

DDoSia

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — DDoSia


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — DDoSia


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-25T02:01:09+00:00

IOC Appendix — DDoSia (Operational Seed Set)


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-25T02:01:26+00:00

OSINT Library — DDoSia


2025-07-22 — Recorded Future (Insikt Group) — “Anatomy of DDoSia: NoName057(16)'s DDoS Infrastructure and Targeting (PDF)”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/20
Address Verification SOCMINT
t.me/+fi************** Restricted Not integrated
t.me/+zu************** Restricted Not integrated
t.me/+LR************** Restricted Not integrated
t.me/c/2*********** Restricted Not integrated
t.me/DDo****** Restricted Not integrated
t.me/DDD************ Restricted Not integrated
t.me/+Z6************** Restricted Not integrated
t.me/+78************** Restricted Not integrated
t.me/+Lp************** Restricted Not integrated
t.me/ddo********** Restricted Not integrated
t.me/+ig************** Restricted Not integrated
t.me/+gP************** Restricted Not integrated
t.me/+rl************** Restricted Not integrated
t.me/+1L************** Restricted Not integrated
t.me/+PS************** Restricted Not integrated
Address Verification SOCMINT
in**@witha.name Restricted Not integrated
Address Verification SOCMINT
dddosia.github.io Restricted Not integrated
witha.name Restricted Not integrated
Address Verification SOCMINT
withanamemwesdvodfhthjq25a5a3uas24cpgoa7qm6gchcerzpis6qd.onion Restricted Not integrated
Address Verification SOCMINT
github.com/ddd**** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–1 of 1 images
DDoSia website Free Preview
DDoSia website